Kerio Tech Firewall6 User Manual
Page 263
21.1 Monitoring and storage of statistic data
263
The statistics use data from the main database. This implies that current traffic of individual
users is not included in the statistics immediately but when the started period expires and the
data is written in the database.
Note: Data in the database used for statistics cannot be removed manually (such action would
be meaningless). In statistics, it is possible to switch into another view mode where data is
related only to a period we need to be informed about. If you do not wish to keep older data,
it is possible to change the statistics storage period (see above).
Requirements of the statistics
The following conditions must be met for correct function of all statistics:
•
The firewall should always require user authentication. The statistics by individual
users would not match the true state if unauthenticated users are allowed to access
the Internet. For details see chapter
•
For statistics on visited websites, it is necessary that a corresponding protocol inspec-
tor is applied to any HTTP traffic. This condition is met by default unless special traffic
rules disabling the particular protocol inspector are applied (see chapter
If the WinRoute proxy server is used, visited pages are monitored by the proxy server
itself (see chapter
).
Note: HTTPS traffic is encrypted and, therefore, it is impossible to monitor visited sites
and categories. Only volume of transferred data is included in the statistics for such
traffic.
•
For monitoring of web categories of visited websites, the ISS OrangeWeb Filter module
must be enabled.. In its configuration, the Categorize each page regardless of HTTP
rules option should be enabled, otherwise web categories statistics would be unreli-
able. For details, see chapter
.
Gathering of statistical information and mapped services
Connections from the Internet to mapped services on local hosts (or to services on the firewall
available from the Internet — see chapter
) are also included in user statistics. If a user is
connected to the firewall from the particular host, access to the mapped service is considered
as an activity of this user. Otherwise, such connection is included in activity of unknown users
(users who are not logged in).
The following example helps recognize importance of this feature. User jsmith is authenticated
at the firewall and connected to it from a local workstation. The RDP service for this host is
mapped on the firewall, allowing the user to work remotely on the workstation. If user jsmith
connects from the Internet to the remote desktop on the workstation, this connection (and
data transferred within the connection) will be correctly included in the user’s statistics and
quota.