  1. #1
    Newbie
    Join Date
    Oct 2018
    Posts
    7

    Education (UK) reports for KCSiE

    Fellow Untanglers

    I support schools in the UK and this is my first school using Untangle.
    I've been given the task of achieving the following:

    - instant email alert when a specific list of webfilter categories have been visited (Pornography, Hate Speech...)
    - daily email report based on a specific list of web search terms (this could be a long list of 'particular' words)
    for example, this username used this (matched) search query term...

    I've created a report (in the Report App) based on the categories that I want to highlight, which works fine as a method of viewing historical events, however I now realise that you can't create an email report based on a 'report'. I'd love someone to tell me I'm wrong.
    I've also played with creating alerts when a web filter category has been accessed, but I have to create a separate alert for each category - no operator to say 'in' like you can with reports.

    (wishlist)
    The output of the alert is JSON, which I'm kind of used to now, but I'd really like the ability to format this output and choose which technical data is sent.

    Your help is much appreciated.

  2. #2
    Newbie
    Join Date
    Oct 2018
    Posts
    7


    Bump

  3. #3
    Untangle Ninja jcoehoorn
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,588


    Most people schedule a daily e-mail that just includes a link to the report you want them to view.

    For instant alerting... many products claim to do this, but none really work the way you expect, because that's not how the internet works.

    For real internet traffic, one page view in your browser may involve 50 (or even more) separate http transactions. Each transaction is a completely separate event, where no event is in any way at all related to the others and no context for the event is available at the gateway. This is true even when the many transactions are all the result of clicking the same link in the browser to just load one simple screen. Each transaction must be categorized and processed separately, and there is no way at the firewall/gateway level to know which transaction was the "main" page. Only the web browser has this information; it's not even available at the operating system level, so an OS-installed agent isn't even good enough.

    The result is just one attempted page view of "bad" content can end up generating 50 or more separate e-mail alerts, and nobody wants that. Thankfully that's rare, because in the case of real "bad" content, the first transaction tends to be blocked, preventing many of the follow-ups. And because of false positives, unwanted ads, off-color avatars, etc, even just one page view of "good" content can still end up causing multiple alerts, too. The alert volume of accidental or false-positive violations vs deliberate tends to be pretty much the same, making it nearly impossible to distinguish between the two from basic alerting.

    This isn't about Untangle. All products in this category are working with the same underlying traffic issues and have the same problems. You'll never be able to gain meaningful insights from a simple daily report message, without also digging through traffic logs in a lot more depth.

    In fact, since these categories also tend to be blocked, I can promise you anything that shows up in the reports is almost always a red herring. The user didn't see that page, because the firewall blocked it. To find real user violation issues, you have to go and look at traffic that was *not blocked*, and because it was not blocked that means it also wasn't flagged in any report.

    And once more for those in back: this isn't an Untangle issue. It's just in the nature of the problem, and those products claiming otherwise are lying to you.
    Last edited by jcoehoorn; 10-26-2018 at 12:13 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.0 to protect 700Mbits for ~400 residential college students and associated staff and faculty

  4. #4
    Newbie
    Join Date
    Oct 2018
    Posts
    7


    Thank you for taking the time to write your informative reply. I understand where you're coming from, and perhaps I have to admit that I'm asking something that can't easily be done.

    In education we just want to be sure that we are doing everything within our power to keep children and staff safe when using the internet, plus protecting the network from unwanted activity.

    I'll continue to work away with what I've got and probably go down the route of some kind of parsing script to generate a meaningful daily email/report...

    I'm half way there with the category alerts, and to mitigate against the multiple emails I just set the threshold values.

    Thanks once again.
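
The parsing approach discussed in this thread, as an added example that is not from any of the posters or from Untangle: it filters events against a set of watched categories and collapses the many per-transaction events of one page view into a single incident per user and category, counting how many requests were not blocked. The event field names, the sample events and the 30-second gap are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line. The field names
# (ts, user, host, category, blocked) are assumptions for illustration,
# not Untangle's alert schema.
SAMPLE = """\
{"ts": "2018-10-26T09:15:01", "user": "pupil01", "host": "adult.test", "category": "Pornography", "blocked": true}
{"ts": "2018-10-26T09:15:01", "user": "pupil01", "host": "cdn.adult.test", "category": "Pornography", "blocked": true}
{"ts": "2018-10-26T09:15:02", "user": "pupil01", "host": "ads.adult.test", "category": "Pornography", "blocked": true}
{"ts": "2018-10-26T09:16:00", "user": "pupil01", "host": "games.test", "category": "Games", "blocked": false}
{"ts": "2018-10-26T10:02:30", "user": "staff02", "host": "forum.test", "category": "Hate Speech", "blocked": true}
{"ts": "2018-10-26T11:40:10", "user": "pupil01", "host": "img.adult.test", "category": "Pornography", "blocked": false}
"""

WATCHED = {"Pornography", "Hate Speech"}  # one set instead of one alert rule per category

def collapse(text, watched=WATCHED, gap=timedelta(seconds=30)):
    """Merge per-transaction events into one incident per (user, category) burst."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    events = [e for e in events if e["category"] in watched]
    events.sort(key=lambda e: e["ts"])  # ISO 8601 strings sort chronologically
    incidents, current = [], {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        key = (e["user"], e["category"])
        inc = current.get(key)
        if inc is None or ts - inc["last"] > gap:  # quiet period over: new incident
            inc = {"user": e["user"], "category": e["category"], "first": ts,
                   "last": ts, "hosts": set(), "hits": 0, "allowed": 0}
            incidents.append(inc)
            current[key] = inc
        inc["last"] = ts
        inc["hits"] += 1
        inc["hosts"].add(e["host"])
        inc["allowed"] += 0 if e["blocked"] else 1
    return incidents

def report(incidents):
    """Render one plain-text line per incident for the body of a daily email."""
    return "\n".join(
        f'{i["first"]:%H:%M:%S} {i["user"]} {i["category"]}: {i["hits"]} requests '
        f'to {len(i["hosts"])} hosts, {i["allowed"]} not blocked'
        for i in incidents)

if __name__ == "__main__":
    print(report(collapse(SAMPLE)))
```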
