Solved

Sonicwall ViewPoint 5.0 How to create report of downloaded file types

Posted on 2009-04-01
Last Modified: 2012-08-13
I would like to create a report using ViewPoint that would tell me if certain types of files are being downloaded, i.e. include all .com, .exe, .dll, etc. files. Who downloaded them, when, how many, etc. Is this possible with ViewPoint? Any help would be appreciated.
Question by:barrontech
5 Comments
 
LVL 16

Accepted Solution

by:
ccomley earned 250 total points
ID: 24048369
No, not through the Viewpoint front end anyway, which is odd, as the data *is* present in the feed from the firewall to the Viewpoint host.

However, the Viewpoint host stores the logs in MySQL, so it may be possible to write a report to get what you want *outside* the Viewpoint system, if you can access those.
0
 

Author Closing Comment

by:barrontech
ID: 31565294
That's what I thought.  Odd though isn't it?  
0
 
LVL 16

Expert Comment

by:ccomley
ID: 24057753
Yeah - a strange omission.
0
 

Author Comment

by:barrontech
ID: 24059590
Do you know of another 3rd party product that would give you that information?
0
 
LVL 16

Expert Comment

by:ccomley
ID: 24059781
An alternative *approach* perhaps.

The way Sonicwalls USED to work, you could, for free, turn on a SysLogD feed of *every* transaction on the box, and point it at a syslogd server to collect. Then you could find (Sonicwall used to distribute a cut-down version) a log analysis program that would munge through that file and report on it. But it was a flat text file so you could write your own.

NOW you have to register the box for ViewPoint before you can enable the Syslog feed BUT I believe it is *still* a regular Syslog feed. So instead of pointing it at your ViewPoint server, you could point it at a plain ordinary SyslogD server, which will collect it in a flat text file as before, and then you can just use GREP to look for file downloads, for example.

I don't know if you could have the Syslog server forward a "tee" copy of the log onwards to the Viewpoint machine and thus run both.  You'd have to explore the options of SyslogD implementations.  Or ask in the Linux area.

0
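Added example, not part of the original thread: a small report over a flat syslog file of the kind described above, listing who fetched .com, .exe or .dll files and when. The `key=value` layout and the field names (`time`, `src`, `dstname`, `arg`) are assumptions, as are the constructed sample lines; adjust them to what your firewall actually writes. Matching only on the requested path avoids the false hits a plain grep for `.com` gets from every hostname.

```python
import posixpath
import re
from collections import Counter

# Assumed line layout: space-separated key=value pairs, values optionally quoted.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
WATCHED_EXTS = {".com", ".exe", ".dll"}  # file types named in the question

# Constructed sample input (not real firewall output).
SAMPLE_LOG = '''\
id=firewall time="2009-04-01 09:12:03" src=10.0.0.15:1045:LAN dstname=downloads.example.com arg=/tools/setup.exe
id=firewall time="2009-04-01 09:12:40" src=10.0.0.15:1046:LAN dstname=www.example.com arg=/index.html
id=firewall time="2009-04-01 09:15:11" src=10.0.0.22:2210:LAN dstname=files.example.net arg=/lib/helper.DLL
id=firewall time="2009-04-01 09:20:57" src=10.0.0.15:1050:LAN dstname=downloads.example.com arg=/old/edit.com
id=firewall time="2009-04-01 09:31:02" src=10.0.0.22:2214:LAN dstname=www.example.com arg=/search?q=notepad.exe
'''

def parse_fields(line):
    """Split one log line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def find_downloads(lines, exts=WATCHED_EXTS):
    """Return one record per request whose URL path ends in a watched extension."""
    hits = []
    for line in lines:
        fields = parse_fields(line)
        # Drop the query string so "?q=notepad.exe" is not counted as a file.
        path = fields.get("arg", "").split("?", 1)[0]
        ext = posixpath.splitext(path)[1].lower()
        if ext not in exts:
            continue
        hits.append({
            "when": fields.get("time", ""),
            "who": fields.get("src", "").split(":")[0],  # assumes src=ip:port:iface
            "host": fields.get("dstname", ""),
            "file": path,
        })
    return hits

def count_by_client(hits):
    """How many matching downloads each client address made."""
    return Counter(h["who"] for h in hits)

if __name__ == "__main__":
    found = find_downloads(SAMPLE_LOG.splitlines())
    for h in found:
        print(h["when"], h["who"], h["host"] + h["file"])
    for client, n in count_by_client(found).most_common():
        print(client, n)
```

To run it against a collected log, pass `open(path)` to `find_downloads` instead of the sample lines.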
