Security Proxy Server Reports
To view a Security Proxy Server Report, you must first install and configure at least one Security Proxy server -- and be sure the activation file is installed, as described in the MSS Installation Guide.
After you install the Security Proxy server, refer to Using the Security Proxy Server to configure sessions to use the Security Proxy.
To view a report of the Security Proxy server activity, select a Report Type, a Security proxy server, and click SHOW REPORT.
Note
To add servers to the drop-down list, use the Configure Settings - Security Proxy panel to import a Security Proxy server.
Report types:
Current user activity
This report shows the date and time the report was created and the total number of current connections. The default view shows these results:
- Start Time: The time the session connected.
- Accepted At: The proxy IP address and port number on which the connection was accepted.
- Source: When Resolve client machine DNS name is
off
(the default), this column shows the client's IP address and port number. When client name resolution ison
, the client's DNS name and port are displayed. - Destination: When Resolve remote host DNS name is
on
(the default), this column shows the destination host's DNS name and port number. When host name resolution isoff
, the host's IP address and port are displayed. -
Authorization: The user or group ID under which the connection was authorized and the web server which authorized the user or group. The format is
<distinguished name>/<web server name>
.For example, if the access control model is None (end users log on as guest) and the server name is "hostname.example," the Authorization column displays
rwebgroup=guest/hostname.example.com
.
Use the Column Chooser to view more results:
-
ID: The connection identification code. A code is assigned to each active connection at the time the connection is made. The code is constructed from the proxy instance number (
p
), the thread number (t
), the connection number (c
), and for FTP connections the session number (s
). For example, a code for an FTP connection might bep1t52c8s8:
proxy instance 1, thread 52, connection 8, session 8. -
Client In: The total number of bytes read from the host during this connection.
-
Server Out: The total number of bytes written to the host during this connection.
-
Security: The TLS version and the cipher suite.
-
Protocol: The protocol (Emulation, FTP, or Pass Through) used in the connection. For FTP connections, the column also shows whether the control channel or active data transfer was involved.
Security Proxy server logs
For the selected Security Proxy server, this report shows each event that occurred from the time the first entry was written in the active log file to the time the report was requested.
Note that by default, the log file has a maximum size of 500 KB; when that size is reached, a new active log is started and this report shows activity from that time. You can change the maximum file size in the Security Proxy Wizard > Logging tab.
-
Time: The time at which the log entry was written.
-
Accepted At: The proxy IP address and port number on which the connection was accepted.
-
Source: When Resolve client machine DNS name is
off
(the default), this column shows the client's IP address and port number. When client name resolution ison
, the client's DNS name and port are displayed. -
Destination: When Resolve remote host DNS name is
on
(the default), this column shows the destination host's DNS name and port number. When host name resolution isoff
, the host's IP address and port are displayed. -
Authorization: The user or group ID under which the connection was authorized and the web server which authorized the user or group. The format is
<distinguished name>/<web server name>
. For example, if the access control model is None (end users log on as guest) and the server name is "hostname.example," the Authorization column displaysrwebgroup=guest/hostname.example.com
.
Use the Column Chooser to view more results:
-
Priority: The priority of the log entry: Info (information), Error, Debug, Audit, or Warn.
-
Protocol: The protocol (Emulation, FTP, or Pass Through) used in the connection.
-
Security: The TLS version and the cipher suite.
-
Message: A short description of the event. The code in brackets at the beginning of each message identifies the action taking place on the proxy server and uses the same format as the ID shown in the Current Activity report.
Connections per proxy server
This report shows the total current connections of all security proxy servers.
-
Security proxy address: The security proxy server and its associated port.
-
Security proxy current connections: Tthe count of current connections for that server.
Note
A single FTP session connecting through a security proxy server produces a count of three separate connections.