Web Activity Monitoring for BYOD School

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Web Activity Monitoring for BYOD School

L1 Bithead

Hello All...

 

We are looking for a solution for a medium sized private school (k -12) to track users web activity. We'd want to be able to go back a week or so..nothing crazy. But would love to be able to get a report on a site\url and see what user visited that site and when. And of course, vice versa-- seek out a particular user and see what they visited and when.

Here's our infrastructure breakdown:

We are an Aerohive shop... half our devices we own, and about half are BYOD...where the students bring whatever. Includes Macs, Chromebooks, phones, PC laptops etc.

Our perimeter unit is a Palo Alto 3020- however, we do not authenticate users via the firewall. For url\category filtering, we base it all on IP address and what vlan\sub net you are on. Each school building has student, faculty and guest wireless subset. We authenticate wireless access via 802.1x using Archive radius enabled APs and our Active Directory...users are placed in the correct vlan based on AD group and Aerohive polices.

 

 

What I've done so far on our PAN for a basic test was to just configure a category for alerting ...shopping in this case..so that I can get some logging going. I then ran a report on my own IP. While the info is great, it doesn't tell me specifically "when" I visted a site. Also, if we wanted to run a report on a certain site to and capture what users visited that site in a givin time period...I don't see a way of doing that.  Also, if we were to enabel logging on all allowed categories for all connected users\subnet ranges, I'm cerain this would whack our performance..so not sure if that's even feasible. 

 

Anyway...just looking for a way to leverage our PAN is possible, and acheive the before-mentioned reports....or, if there are other better suited solutions out there.... would be great to hear about those too.  Thanks much....Dennis...

6 REPLIES 6

L6 Presenter

Hi...You may want to try running a User Activity Report on your IP and select 'Include Detailed Browsing'.  It will contain timestamps and browse time for that user.  

 

As for logging on all categories, that should not impact the PA by much.  I would recommend not logging CDN & web-ads categories since those may fill up storage, unless you really want to log those categories.

 

Thanks.

L1 Bithead

You may be able to tie usernames to IP addresses if your authentication server can send RADIUS accounting logs to the PA.  It's not 100% reliable but it seems to get the user attached to the IP the majority of the time.

Thanks Dave...that sounds interesting. Do you have a basic outline of how that would be acomplished?? Or point me to doc ...

 

Appreciated ,,,

Hello,

We're in the process of migrating from IntelliGO Networks to PaloAlto and need help with web activity monitoring (I'm a TA in a K-12 STEM-focused summer camp). Can I put timestamp for chronology in the user activity reports?

Arthur

 

 

Arthur James

Path access: https://live.paloaltonetworks.com/t5/Tutorials/Getting-Started-Custom-Reports/ta-p/69951 https://writemyessaytoday.net 

my page

Hi arthur yes i think you can timestamp chronology in user reports. Since the control of user activity requires an integrated approach with the application of policies for monitoring applications, which are usually used to bypass traditional security mechanisms. Palo Alto Networks next-generation firewalls recognize and control over 950 applications, regardless of port, protocol, SSL encryption or hidden (evasive) application characteristics. Once identified, the application, not the port or protocol, becomes the basis of all security policies, helping to regain full control. For policy-based application monitoring, a URL-Filtering database is provided to help track non-work user Internet activity.

Victor Drennan
Direct access: https://live.paloaltonetworks.com/t5/Tutorials/Getting-Started-Custom-Reports/ta-p/69951https://soclikes.com/

Hi Arthur. I think -yes, you can timestamp chronology in user reports. Since the control of user activity requires an integrated approach with the application of policies for monitoring applications, which are usually used to bypass traditional security mechanisms. 

Rafael Flores
Path access: https://live.paloaltonetworks.com/t5/Tutorials/Getting-Started-Custom-Reports/ta-p/69951https://viplikes.net/

  • 4409 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!