Sawmill Discussion Forum

Subject: "Juniper Secure Access (SA) SSL Appliance Support"
jnielsen
Member since Apr-21-10
4 posts
Apr-21-10, 09:44 AM (PDT)
"Juniper Secure Access (SA) SSL Appliance Support"
 
Hello All,

Currently evaluating Sawmill to provide analytics for user access logs exported from Juniper's SA SSL appliances. Using the Wizard, I selected the "Netscreen SSL Gateway Log Format", which provided a good number of summary reports that are very helpful.

However, what I am specifically looking for is a user level report that shows each user session with supporting information such as start time, end time, and duration.

Does anyone know if this is available?

Thanks in advance


dgilmore (admin)
Member since Nov-18-04
3374 posts
Apr-22-10, 10:38 AM (PDT)
1. "RE: Juniper Secure Access (SA) SSL Appliance Support"
In response to message #0
 
Hi-

I've passed this inquiry along to one of our plug-in developers for feedback. Hope to have a response for you shortly.

David
Sawmill Product Support Team
support@flowerfire.com


jnielsen
Member since Apr-21-10
4 posts
Apr-22-10, 10:58 AM (PDT)
2. "RE: Juniper Secure Access (SA) SSL Appliance Support"
In response to message #1
 
   Thanks David


kate
Member since Jan-3-08
17 posts
Apr-22-10, 01:12 PM (PDT)
3. "RE: Juniper Secure Access (SA) SSL Appliance Support"
In response to message #0
 
In the profile creation wizard, you are given the opportunity to bypass the autodetected format and choose another from a list. Choose "Juniper Secure Access SSL VPN Log Format". This plug-in supports the same format with different emphases.

This plug-in expects syslog logging. The next step will be to manually select either the same syslog that was detected, or, if you don't use syslog, the special syslog plug-in labeled "No Syslog Header (use today's date, or use date/time from message)".

If this plug-in just works for you, please let us know. If it doesn't, let us know that also. We can modify the plug-in to support your log version.

Session reporting depends on very specific login and logout events, so if your format doesn't have these, we would definitely need to modify the plug-in.

I hope this helps.

Kate

>Hello All,
>
>Currently evaluating Sawmill to provide analytics for user
>access logs exported from Juniper's SA SSL appliances. Using
>the Wizard, I selected the "Netscreen SSL Gateway Log
>Format", which provided a good number of summary reports
>that are very helpful.
>
>However, what I am specifically looking for is a user level
>report that shows each user session with supporting
>information such as start time, end time, and duration.
>
>Does anyone know if this is available?
>
>Thanks in advance


jnielsen
Member since Apr-21-10
4 posts
Apr-23-10, 05:47 AM (PDT)
4. "RE: Juniper Secure Access (SA) SSL Appliance Support"
In response to message #3
 
   Thank You - I will give that a try and let you know results.


jnielsen
Member since Apr-21-10
4 posts
Apr-23-10, 06:25 AM (PDT)
5. "RE: Juniper Secure Access (SA) SSL Appliance Support"
In response to message #3
 
   Kate,

This is definitely a step in the right direction; the individual session report appears to be processing the data correctly to a point.

It does appear that some of the sessions being reported are actually the combination of multiple sessions. The device logs look OK (each session has start and stop records), so it may be a processing issue.

Does it make sense for me to give you guys a call to supply more details? Please let me know.


kate
Member since Jan-3-08
17 posts
Apr-26-10, 01:22 PM (PDT)
6. "RE: Juniper Secure Access (SA) SSL Appliance Support"
In response to message #5
 
If the beginnings and ends of the sessions that are combined are all in the log data then there is probably something in the plug-in that can be changed to fix that.

Yes, contacting support is the next step. We will need a sample of log data that demonstrates the problem. Your data will be treated confidentially. Please email the data to support@sawmill.net as a zipped attachment and include information in the email about how to identify the problem sessions. Please mention the forum thread and that you were working with me, and I will make sure it gets looked at.

Kate

>Kate,
>
>This is definitely a step in the right direction; the
>individual session report appears to be processing the data
>correctly to a point.
>
>It does appear that some of the sessions being reported are
>actually the combination of multiple sessions. The device
>logs look OK (each session has start and stop records), so
>it may be a processing issue.
>
>Does it make sense for me to give you guys a call to supply
>more details? Please let me know.
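
The session reporting discussed in this thread (start time, end time and duration per user session, built from login and logout events), as an added Python example that is not from the thread and is not Sawmill's plug-in code. The log layout, field names and sample lines are constructed for illustration and are not the real Juniper SA format; `build_sessions` is a hypothetical helper that keeps consecutive sessions of one user separate and lists unmatched events.

```python
import re
from datetime import datetime

# Constructed sample lines in a simplified, made-up layout (NOT the real
# Juniper SA syslog format): timestamp, user, source IP, event.
SAMPLE_LOG = """\
2010-04-22 08:00:05 user=alice src=10.0.0.5 event=login
2010-04-22 08:45:10 user=alice src=10.0.0.5 event=logout
2010-04-22 09:10:00 user=bob src=10.0.0.9 event=login
2010-04-22 13:00:00 user=alice src=10.0.0.5 event=login
2010-04-22 13:20:30 user=alice src=10.0.0.5 event=logout
2010-04-22 14:00:00 user=bob src=10.0.0.7 event=login
2010-04-22 14:30:00 user=bob src=10.0.0.7 event=logout
2010-04-22 15:00:00 user=carol src=10.0.0.3 event=logout
"""

LINE_RE = re.compile(r"^(\S+ \S+) user=(\S+) src=(\S+) event=(login|logout)$")

def build_sessions(log_text):
    """Pair each login with the next logout for the same user.

    Returns (sessions, anomalies); a session is a tuple of
    (user, src, start, end, duration_seconds). A session is never extended
    across a second login, so back-to-back sessions stay separate.
    """
    open_sessions = {}  # user -> (start, src)
    sessions, anomalies = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login/logout record
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        user, src, event = m.group(2), m.group(3), m.group(4)
        if event == "login":
            if user in open_sessions:  # earlier session has no logout record
                start, old_src = open_sessions[user]
                sessions.append((user, old_src, start, None, None))
                anomalies.append(f"{user}: login at {ts}, session from {start} still open")
            open_sessions[user] = (ts, src)
        elif user in open_sessions:
            start, old_src = open_sessions.pop(user)
            sessions.append((user, old_src, start, ts, int((ts - start).total_seconds())))
        else:
            anomalies.append(f"{user}: logout at {ts} with no matching login")
    for user, (start, src) in open_sessions.items():  # still open at end of log
        sessions.append((user, src, start, None, None))
    return sessions, anomalies
```

Comparing this output with a tool's session report for the same log sample points to the sessions that were combined, which is the information support asks for above.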


© 2010 Flowerfire