Solved

Sonicwall ViewPoint 5.0 How to create report of downloaded file types

Posted on 2009-04-01
5
732 Views
Last Modified: 2012-08-13
I would like to create a report using ViewPoint that would tell me if certain types of files are being downloaded.  i.e. Include all .com, .exe, .dll, ect. files.  Who downloaded them, when, how many,ect.  Is this possible with ViewPoint?  Any help would be appreciated.
0
Comment
Question by:barrontech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 17

Accepted Solution

by:
ccomley earned 250 total points
ID: 24048369
No, not through the Viewpoint front end anyway, which is odd, as the data *is* present in the feed from the firewall to the Viewpoint host.

However, the Viewpoint host stores the logs in MySQL, so it may be possbile to write a report to get what you want *outside* the Viewpoint system, if you can access those.
0
 

Author Closing Comment

by:barrontech
ID: 31565294
That's what I thought.  Odd though isn't it?  
0
 
LVL 17

Expert Comment

by:ccomley
ID: 24057753
Yeah - a strange omission.
0
 

Author Comment

by:barrontech
ID: 24059590
Do you know of another 3rd part product that would give you that information?
0
 
LVL 17

Expert Comment

by:ccomley
ID: 24059781
An alternative *approach* perhaps.

The way Sonicwalls USED to work, you could, for free, turn on a SysLogD feed of *every* transaction on the box, and point it at a syslogd server to collect. Then you could find (Sonicwall used to distribute a cut-down version) a log analyssu program that would munge through that file and report on it. But it was a flat text file so you could write your own.

NOW you have to register the box for ViewPoint before you can enable the Syslog feed BUT I believe it is *still* a regular Syslog feed. So instead of pointing it at your ViewPoint server, you could point it at a plain ordinary SyslogD server, which will collect it in a flat text file as before, and then you can just use GREP to look for file downloads, for example.

I don't know if you could have the Syslog server forward a "tee" copy of the log onwards to the Viewpoint machine and thus run both.  You'd have to explore the options of SyslogD implementations.  Or ask in the Linux area.

0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question