search cancel

Reporting number of SEP WTR users accessing internet via WSS

book

Article ID: 189842

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

It is difficult for a WSS administrator to get an idea on how many SEP-WTR hosts are accessing the WSS services from the regular reporting pages.
Using the downloaded raw access logs does give options to get this info

Environment

SEP-WTR access methods enabled for users accessing WSS

Cause

lack of reporting feature in the product (being investigated at the current time)

Resolution

Assuming you download raw logs to a Linux/MacOS or Windows host capable of running bash scripts (https://cygwin.com/install.html), simply run the following command to get the count of all SEP-WTR users accessing the Proxy during the timeframe the logs were captured

$ grep sep-windows\  cloud_xxxx_yyyy.log |awk '{print $7}' |sort | uniq -c|sort -rn | grep -v non-interactive| wc -l
4525

This indicates that 4525 unique users accessed URLs via WSS during the time these logs were taken.

Note:
- xxxx is your tenantID, and
- yyyy is the timeframe the logs represent.

This is the default format for downloaded access log files from WSS.