Hi,

Running Detailled reports weekly and monthly. I see that a particular user has xxx hits on this domain and xxx hits on that domain but the info I want is to know how bandwitdth this user used for that domain.

So, for user xxx, is there a way I can see how much data he transferred on domain xxx.com instead of only the # of hits ??

EDIT ; The purpose of this is to know if we shall block some domains or not... For example, *.msn.com has a really big number of hits but if those hits dont eat a lot of bandwidth, I dont care...

Try the UNTANGLE PLATFORM REPORTS, then ACTIVITY SUMMARY. Its not as much how much bandwidth that a user used, but how much was forced down his throat. MSN, Yahoo, CNN, FoxNews and anyone who wants to be a portal will stuff so much content down your throat that its ridiculous. Its all in hopes that you will stay on THEIR site so they can get advertising revenue. Don't forget that the pages are not static...they constantly update. Even if the user just parked there, he continues to eat bandwidth thanks to the portal itself.

I subscribe with MDH. Those sites with too much ads, do an auto refresh every now and then. :popcorn:

Try the UNTANGLE PLATFORM REPORTS, then ACTIVITY SUMMARY. Its not as much how much bandwidth that a user used, but how much was forced down his throat. MSN, Yahoo, CNN, FoxNews and anyone who wants to be a portal will stuff so much content down your throat that its ridiculous. Its all in hopes that you will stay on THEIR site so they can get advertising revenue. Don't forget that the pages are not static...they constantly update. Even if the user just parked there, he continues to eat bandwidth thanks to the portal itself.

This is exactly the question I was wondering. I've looked at the report you mention and as far as I can tell it just shows total bandwidth for the user, not for the sites.

Ideally I'd like a breakup of site by user in MB, or at a minimum total for sites in MB, so that I can decide if we block certain sites.

I understand what you're saying about shoving stuff down your throat. I'm trialling this at home and looking at the hits - facebook is about 10 times anything else. Only my wife uses it and generally only for a few hours a day!

Even with what you're asking, that's difficult. Let's say you go to MSN or CNN or FoxNews and load a web page. You'll have tons of hits AND tons of data for sites that you yourself never went to, but the page did. If you block those sites that you didn't ask for, the pages break and everybody is climbing down your throat for that too. If you use Firefox as your browser, download an addon called VIEW DEPENDENCIES. That will let you see all of the places you really went to from a web page and show you what kind of a uphill battle you're in.

This is the same question I've posted. But even if I go to MSN and there are 20 different domains feeding me content, they won't match the top 10 in bandwidth used for an IP. And if it does, even more the better to block ads if they are using that much bandwidth.

A top 10 of each IP/User would allow us to figure out which (sub)domains to block and possibly which are legit company sites. Right now I've blocked itunes.apple.com, which won't block other parts of Apple's site. Even if a particular domain isn't directly related to the one visited, usually a Google search will point to something - such as a domain a video sharing site uses for it's stream. Certain Akamai sites would be like that.

One of the reasons I went with this package is the detailed reporting feature and the ease of blocking sites. I am trying in our company to block/limit/cripple audio (mp3) streaming (among other things) , but with the literal hundreds of sites - it's a cat and mouse game trying to block all sites - and many use stealth practices to disguise themselves as normal web traffic, so traditional stream mime filters don't work.

With this bandwidth reporting feature, I (as admin) can go to the user and say; "Hey, I noticed you used a lot of bandwidth at abcdef.com and I found that to be a radio streaming site, against company policy." This domain would "float to the top" and be visible with this type of reporting tool because with what I've seen now, it might be at the bottom of the detailed list because it is only "clicked" once or twice.

Don't get me wrong - this product is excellent and my hats off to all those who contribute! I really started looking at this product after seeing the premium content filter of our Sonicwall. That subscription is over $1200/yr, so this product is an easy sell to the top. This reporting feature is about all I need to completely round out this package. Since bandwidth is already tracked, even a company wide Top-10/15/20 would be enough.

I'm playing with the iptraf tool on the command line to try and do this... it looks promising. Perhaps we simply have to wait for 6.0's new web interface and start building custom reports. From what I can see the data is being trapped in the database. It's just a matter of building a front end that lets us see it in the perspective we require.

I can't hardly wait version 6.0....and see what's new in terms of it's new web gui and other stuffs :) and Thank you so much for the Untangle Silver Bullet -- my greatest honor. More power to the Untangle Team! :)

I'm playing with the iptraf tool on the command line to try and do this... it looks promising.

If you'd like to share your commands, I can try a few things too and try to help out.

I haven't automated much yet as I'm new to the iptraf tool. But, it was giving me some interesting output that would be useful in some kind of report. At this point, it would make more sense to deal with this after the 6.0 launch because of it's openly customizable web gui.

Just hit SSH and type in iptraf<enter> and take a look...

After configuring it so Reverse DNS, Service names and Promiscuous to be on, I ran it and the information truly *is* interesting. I was able to look real-time at the network usage but had to manually resort packet usage (no big deal) and find the sites that were being used the most at that given second. Putting this into a sortable database would be the way to go. If something similar to this is incorporated into v6.0 - it would make this the most usable product I've tested by far. Are there any beta versions out there of v6 to test?

Edit: Signed up at "How to Sign up to become a Community Tester"