nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Need to extract top web users from TMG logs using LEM

hanif.solarwinds

Hi all,

We just purchased Solarwinds to for our log monitoring. There is new requirement to extract monthly top 10 web users through TMG 2010 logs using LEM. Just wandering if anybody using LEM for similar usage?

Find more posts tagged with

web reporting

solarwinds lem

microsoft_tmg_2010

Accepted answers

FormerMember

Hi Hanif,

I checked with the LEM connectors team and here are the fields we currently normalize for the most common events:

r-host - Host
s-operation - operation
sc-status - status
rule - Rule
c-ip - SourceMachine
r-ip - DestinationMachine
s-computername - DetectionIP
s-port - SourcePort
r-port - DestinationPort
cs-protocol - Protocol
cs-uri - URL
UrlCategory - Category
cs-userName – SourceAccount

As you can see, "bytes" is not included.

Two things:

Without the bytes field present, we can only go by the number of accesses to different URLs per user.
Even if the bytes field were present in the event, there are no reports in LEM that accumulate bytes to create this type of report. It MIGHT be possible to do so with a full version of Crystal Reports (if we were to add the bytes to the event somewhere), but we don't have anything that does this today. LEM reports are strictly based on event counts.

All comments

FormerMember

I'd try using the "Network Traffic Audit - Web Traffic by Source Machine" report. What this tells you is the most # of hits through the proxy server by source, but it doesn't tell you anything about duration of their surfing. If you need to know how long they were on certain sites, I don't think there's a good way to accumulate that data with LEM and the TMG logs.

hanif.solarwinds

Hi Nicole,

I would like to gather the amount of bandwidth used and details per authenticated users.

Current available TMG 2010 Web Proxy Log fields technet.microsoft.com/.../cc441708.aspx ARe these available to LEM when the connector configured?

In summary I like to use following 11 fields are selected for top usage reporting:

0 Client IP ClientIP c-ip

1 Client Username ClientUserName cs-username

4 Log Date logTime date

5 Log Time logTime time

7 Server Name servername s-computername

13 Bytes Received bytesrecvd cs-bytes

14 Bytes Sent bytessent sc-bytes

18 URL uri cs-uri

19 MIME Type mimetype cs-mime-type

20 Object Source objectsource s-object-source

36 URL Category UrlCategory UrlCategory

Best of regards

Hanif

FormerMember

I'm not sure where the body of my message went (I sent it via email), but I am looking into which fields we capture. That said, LEM won't accumulate bandwidth data in any of the reports, so we may have to address that issue separately.

hanif.solarwinds

Hi Nicole,

Are you saying LEM wont see Bytes Received and Bytes Sent fields for particular Client Username ?

How many field from current available TMG 2010 Web Proxy Log fields http://technet.microsoft.com/en-us/library/cc441708.aspx available through LEM?

Where can I find the complete list of items gathered by LEM from connector called 'TMG 2010 W3C Web Proxy' ?

Thanks in advance for your help.

Hanif