Need a report of all sites visited from a Windows 2008 R2 TS/RDP Server

On a Windows 2008 R2 server in a domain running RDP/Terminal services, I need a utility or a good way to generate a report by day of the websites users have accessed when logged in remotely by RDP.

I suspect some of them are going to sites and possibly downloading where they shouldn't.

1. What's the best way to generate a report and track activity so I get that info?

2. After I determine the surfing activity, what's the best way to restrict it? We have a Sonicwall TZ210W firewall. I'm not sure if they have a feature that provides a report of sites visited by user and the ability to restrict them.

3. I'd also like to get a text log I can quickly view that lists all users and the time they logged in and out.

4. I'm also looking to block inbound access by country, like block all non-US IPs from attempting to log in. We are getting some attempted hacks from outside that are being caught and blocked by security software I installed named Syspeace.
Tony Giangreco Asked:

JaniLS Commented:
Sonicwall can log through viewpoint server, if licensed.

Content filtering is a good way to restrict what types of sites can be accessed, if licensed.

If you have a basic SonicWall without any of these features licensed, you can purchase the Comprehensive Gateway Security suite, which includes all of this and more. Sonicwall PN is 01-SSC-9247; if you google the part number you will see vendors selling it for much cheaper than SonicWall does directly.

Summary,

Comprehensive Gateway Security Suite Upgrade                  
     Gateway AV/Anti-Spyware/Intrusion Prevention/App Control/App Visualization      
     Premium Content Filtering Service      
     ViewPoint                  
     Dynamic Support 24x7

Gateway AV package scans all traffic at gateway level and blocks 90% of viruses from getting into typical small business networks.

Premium Content Filter allows you to select by category which types of sites should be blocked, such as p2p networks, porn, online poker, etc.

Viewpoint allows you to install a logging server which you can run reports from to show who went where.

Dynamic support, well that is... support.

I don't work for SonicWall but we do use the TZ and NSA models at most of our clients and we use the Comprehensive Gateway Bundle at all of them. We may not use all of the features if the client isn't worried about web browsing, etc., but the AV portion has cut down on malware so we do enforce that 100%.

Other options are a syslog program that can collect info from firewall etc and parse the info into usable reports or third party software on the termserver itself.

As for the non-US IPs I don't know of a great solution for that but one of the experts may chime in.
0
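
The syslog route mentioned in the answer above, sketched as an added example that is not part of the original thread: it turns firewall syslog lines into a per-day list of sites by user. The key=value layout, the field names (`time`, `src`, `usr`, `dstname`) and the use of `m=97` to mark a web-site hit are assumptions to check against what your firewall actually emits, and the sample lines are constructed. On a terminal server every session shares one source IP, so lines that carry no user name can only be attributed to the host.

```python
import re
from collections import Counter

# Constructed sample lines; layout and field names are assumptions, not device output.
SAMPLE = '''\
id=firewall time="2013-05-06 09:14:02" m=97 src=192.168.1.20:50211:X0 dst=203.0.113.10:80:X1 usr="jsmith" dstname=www.example.com arg=/index.html
id=firewall time="2013-05-06 09:15:40" m=97 src=192.168.1.20:50230:X0 dst=203.0.113.10:80:X1 usr="jsmith" dstname=WWW.example.com arg=/a.zip
id=firewall time="2013-05-06 10:01:11" m=97 src=192.168.1.20:50377:X0 dst=198.51.100.7:80:X1 dstname=files.example.net arg=/
id=firewall time="2013-05-07 08:30:00" m=537 src=192.168.1.20:50400:X0 dst=198.51.100.7:443:X1 msg="Connection Closed"
id=firewall time="2013-05-07 08:31:05" m=97 src=192.168.1.20:50412:X0 dst=198.51.100.7:80:X1 usr="mlee" dstname=files.example.net arg=/
'''

# key=value pairs; a value is either a double-quoted string or a run of non-space characters.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_line(line):
    """Split one syslog line into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def daily_report(lines, web_hit_id="97"):
    """Count web hits per (day, user, site); other message types are skipped."""
    hits = Counter()
    for line in lines:
        fields = parse_line(line)
        if fields.get("m") != web_hit_id:
            continue
        if "time" not in fields or "dstname" not in fields:
            continue  # malformed or incomplete record
        day = fields["time"].split()[0]
        src_ip = fields.get("src", "?").split(":")[0]
        # Without a user name the hit can only be tied to the source host.
        who = fields.get("usr") or f"unknown@{src_ip}"
        hits[(day, who, fields["dstname"].lower())] += 1
    return hits


def format_report(hits):
    """Render the counts as sorted, fixed-width text lines."""
    return [f"{day}  {who:<22} {site:<22} {count}"
            for (day, who, site), count in sorted(hits.items())]


if __name__ == "__main__":
    print("\n".join(format_report(daily_report(SAMPLE.splitlines()))))
```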

Blue Street Tech Last Knight Commented:
Hi TG-TIS,

My answers below:
1. What's the best way to generate a report and track activity so I get that info?
I'm not sure what "track activity" means...since it's vague and can mean many different things. Here are some options depending on what you're looking to report:

A. Default Reporting. By default, if you log into the SonicWALL, then go to Log > Reports, you can click "Start Data Collection" (if not already enabled this will take some time to gather) and view reports in a very coarse manner:
Web Site Hits (e.g. a list of all websites w/corresponding hits: bing.com = 253),
Bandwidth Usage by IP Address (e.g. a list of all IPs & their corresponding Sent/Received Data: 192.167.45.60 = 33 MBytes),
Bandwidth Usage by Service (e.g. a list of all Services & their corresponding Sent/Received Data: SSH = 26 KBytes; HTTPS = 16 MBytes).

B. Detailed Reporting. ViewPoint (comes with CGSS) is very limited on per user resource tracking. Analyzer might be a better fit - it has a 30-day free trial so you can test drive it. Ultimately, you will need to take a look at this comparison chart to determine which reporting capabilities will meet your needs: https://www.sonicwall.com/us/en/products/Analyzer.html#tab=compare

2. After I determine the surfing activity, what's the best way to restrict it? We have a Sonicwall TZ210W firewall. I'm not sure if they have a feature that provides a report of sites visited by user and the ability to restrict them.
You should get Comprehensive Gateway Security Suite ("CGSS") for all of its features, but specifically to address your question here, the Premium Content Filtering Service ("CFS"). CFS has categorized over 20 million URLs, IP addresses and domains in a continuously updated, dynamically rated database, with thousands more added daily. Because the ratings are determined both by artificial intelligence and human observation, the database is highly accurate and the instance of false positives is minimized. The policy-based system allows the administrator to block all pre-defined categories or any combination of categories, and to apply these policies on a granular level.

3. I'd also like to get a text log I can quickly view that lists all users and the time they logged in and out.
The only way to do this w/SonicWALL is to install SSO; below is an overview of how it works. Basically it authenticates user logins to the SonicWALL when users log in to Windows. It has a TS agent integration too. This allows you to take full advantage of CFS by being able to apply auto logoff policies, only allow internet access by specific times of the day (e.g. 8a-5p or allowing social access from 12-1p and then restricting it before or thereafter, etc.). https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5946

4. I'm also looking to block inbound access by country, like block all non-US IPs from attempting to log in. We are getting some attempted hacks from outside that are being caught and blocked by security software I installed named Syspeace.
CGSS comes with Geo-IP & Botnet Filtering. You can specify what IPs based on country to block via policy or block all except US. You can get very granular with each country. Here is more on Geo-IP filtering: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=8963

NOTE: In order to control Geo-IP filtering you must upgrade your firewall to 5.8.1.x or above. I'd recommend 5.8.1.13 currently.

Let me know if you have any other questions!
0
Tony Giangreco Author Commented:
I will be renewing the sonicwall subscription. There isn't enough in the budget for viewpoint. We tried sso. Score and it involved too many changes to the system and users. Any suggestions on a free syslog app that works well with little maintenance needed?
0
Blue Street Tech Last Knight Commented:
I will be renewing the sonicwall subscription.
What subscription exactly? ViewPoint comes with CGSS. I'd recommend CGSS over any other SonicWALL service. It gives you the most bang for your buck plus support.

SSO is actually pretty easy to setup: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5952

Install the Agents: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5948

Configure the Agents: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5949

Try the 30-day free trial of the Analyzer. It's not free but the config is minimal.

Here are the sys-reqs: https://www.sonicwall.com/us/en/support/2213.html?fuzeurl=https://www.fuzeqna.com/sonicwallkb/ext/kbsearch.aspx?kbid=9695

Here's how to set it up: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=9710

Let me know if you have any other questions!
0
Blue Street Tech Last Knight Commented:
Unfortunately, I can't give you a recommendation outside of what I already have. I have not had experience with any free-ware apps that do what you're looking for.
0
Tony Giangreco Author Commented:
I upgraded the firmware on the firewall Saturday and I will be renewing some of the subscriptions on the firewall this week. After that's done, I'll let you know if anything improves or if I need to try an additional solution.
0
Blue Street Tech Last Knight Commented:
Sounds good, let me know how it goes!
0
Tony Giangreco Author Commented:
thanks
0