cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

222
Views
0
Helpful
2
Replies
Beginner

WSA WEB tracking report based on workstation or user

So I have a WSA S380 that does URL filtering and I have done WEB trackings for individual IP addresses from time to time.

Management is asking me for an Investigation of a specfic workstation name, to find out the Internet websites that workstation

has visited over the past month. We are running DHCP. Does the WSA access-logs contain the hostname and or the user name

in the file?

2 REPLIES 2
Cisco Employee

Re: WSA WEB tracking report based on workstation or user

Hi

 

1. The WSA access logs contains the username in almost all cases, because the user attempts to access the URL after logging to to system. When integrated with AD and ntlm or kerberos being used, all access requests will reach WSA with username.

2. In rare occurrences when the client machine attempts to reach out to internet before the user could login, only then will the request have machine name.

3. WSA will attempt to authenticate whatever came to it first (user or machine).

 

So the probability of seeing machine name in the access logs is rare.

 

Regards,
Ashish Varghese
*** Rate All Helpful Responses ***

Cisco Employee

Re: WSA WEB tracking report based on workstation or user

Hello,

 

For investigating a user's activity over the past month with the user ID, you can got to Reporting --> Users. Put in the user ID under the section "Users" , Click on "Find User ID or client IP" . Click on the userID and this should give you the URL categories that the user transaction matched and the Domains matched. Remember to Select the Time range as "30 days" on the top left. 

 

Thanks

Ash