Hello Everyone,

I am trying to develop Web usage reports for the NetIQ Sentinel 7
grouped by User and from the information received from BlueCoat Proxies.

In detail: The report should be a Top N Report(where N is the number of
For each of the N users i want to report the amount of information(Size
in bytes) downloaded or uploaded in a specific period of time.
For Ex -

User Upload Download
ABC 4.5Mb 37Mb
TOM 3.0Mb 21Mb

For this we have bluecoat proxies integrated with our Sentinel 7 system,
and the logs mentioned below flowing in. Consider the log given below

Feb 28 10:41:19 xx.xx.xx.6 200 TCP_HIT 1360740469 "*613" "29595*" 1.1
200 http img.ui-portal.de http://img.ui-portal.de/aaaa/yyyy/zzzz/xxx.jpg
80 /aaaa/yyyy/zzzz/xxxx.jpg "Search Engines/Portals" xx.xx.xx.124
yy.yy.yy.6 8080 *uid=TOM-0123*,ou=9162,ou=DE,ou=D3S,o=groupnsi -
ICAP_NOT_SCANNED "Mozilla/5.0 (Windows; U; Windows NT 5.1; de;
rv:x.x.x.x) Gecko/20101026 Firefox/3.6.12 (.NET CLR x.x.x)"

For each web access by TOM-0123 we have an event as shown above with
*613* bytes of Information flowing out(assigned cv27 in sentinel) and
similarly *29595* Bytes of information(assigned cv28) flowing in our

I want to add all these cv27 or cv28s generated by one particular user
and give web usage report by him for a specified time frame.

I hope I am amply clear.

Thanks in advance.


suvansh_lal's Profile: https://forums.netiq.com/member.php?userid=4742
View this thread: https://forums.netiq.com/showthread.php?t=47525