Configuring LK Log Scan for Firewalls & Proxy Servers
Configuring LK Log Scan for Firewalls & Proxy Servers is simply a matter
of configuring three text files:
- LKLogScanFPConfig.txt - An example configuration file.
- word_file.txt - An example of the kinds of words the program can
search for in the log file. Be forewarned that most of the words in this
file definitely don't belong in most businesses!
- ok_domains.txt - An example file that can be used to filter positive
returns. Note the entries in this file. Contained within the domain names
of each of these entries is the word 's e x'. To filter positive returns,
this file can be used to screen out domains such as these that have been
found to be OK.
- skip_domains.txt - An example containing domain names that you do not
wish to see listed in the "Top Reported Users/Computers" section of the
output report.
There are many ways to configure and use LK Log Scan for Firewalls &
Proxy Servers. Two of the more popular methods of using it are as
follows:
- You may not want to search for words within the domain or URL of the
log file, but might instead opt to be sent a report each day containing
the following day's web usage. This can be accomplished by leaving
the word_file.txt file empty and by utilizing the days_to_subtract
variable.
- Others might opt to search the log file each day for particular
words that indicate that a user is visiting sites that they shouldn't
be. Making use of the word_file.txt file will accomplish this.
- Still others may wish to only be notified if a word in the
word_file.txt file is found. This can be accomplished by utilizing
the notify_always variable.
If you choose to search the visited domain or URL for words within the
word_file.txt file, you might need to spend some time "training" the program
to ignore the sites your users visit that you do not have a problem with.
You do this by adding domains that you don't have a problem with to the
ok_domains.txt file. The more training you do, the more legitimate "hits"
you will get. In other words, you will gradually eliminate the domains your
users visit that are OK and you will be left with reports that only show
"problem" domains.
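The training loop described above, as an added Python illustration (not
LK Log Scan's own code). The log line format, the sample entries and the
rule that an ok_domains entry also covers its subdomains are assumptions
made for this example.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample proxy log: "<date> <user> <url>" (assumed format).
SAMPLE_LOG = """\
2024-05-01 alice http://www.girlscouts.example/cookies
2024-05-01 bob http://pornsite.example/index.html
2024-05-01 bob http://pornsite.example/page2
2024-05-01 carol http://news.example/world
2024-05-01 dave http://shop.example/toys/girls-bikes
""".splitlines()

WORDS = ["girl", "porn"]  # stands in for word_file.txt (short words, as advised)


def domain_listed(host, domains):
    """True if host is a listed domain or a subdomain of one (assumed rule)."""
    return any(host == d or host.endswith("." + d) for d in domains)


def scan(lines, words, ok_domains=frozenset()):
    """Return (hits, top_users); each hit is (user, url, matched_word)."""
    hits, users = [], Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore malformed lines rather than guessing fields
        _date, user, url = parts
        host = (urlsplit(url).hostname or "").lower()
        if domain_listed(host, ok_domains):
            continue  # domain already reviewed and found to be OK
        # Substring match over the whole URL, so "girl" also finds "girls".
        word = next((w for w in words if w.lower() in url.lower()), None)
        if word is not None:
            hits.append((user, url, word))
            users[user] += 1
    return hits, users.most_common()


if __name__ == "__main__":
    ok = set()  # stands in for ok_domains.txt, empty before any training
    for reviewed in (None, "girlscouts.example", "shop.example"):
        if reviewed:
            ok.add(reviewed)  # a domain investigated and judged acceptable
        hits, top = scan(SAMPLE_LOG, WORDS, ok)
        print(f"ok_domains={sorted(ok)} hits={len(hits)} top={top}")
```

Each pass adds one reviewed domain, and the hit list shrinks from four
entries to the two that still need investigation in the raw logs.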
Usage Suggestions
LK Log Scan for Firewalls & Proxy Servers is a valuable tool to assist in
finding web users who are not following a company's set Internet usage
policy. However, due to the rapidly changing state of the Internet and
the many different domain names available, it is not likely that it will
find each and every policy infraction. It is only as good as the words
you enter into its database. However, it is my belief that if you are
using it to search for adult content related sites and you use the right
words, eventually it will find them.
Other recommendations to consider:
- Have a clear Internet usage policy and have all employees sign it.
See below for links to some examples.
- When LK Log Scan finds entries in your log files that appear to
violate your usage policy, go to the raw logs and investigate the log
entries further.
- Keep words in the word file as short as possible. For example, use
the word girl instead of girls. Use porn instead of porno. That way the
program will find both.
- Look for patterns of Internet usage abuse.
- When problems are found, make sure to copy the log files to another
location. Many firewalls and proxy servers will routinely delete old log
files, as does ISA Server.
- Internet Usage Policy Links:
http://techrepublic.com.com/5138-10634-5549585.html
http://techrepublic.com.com/5100-6298-5054075.html