Tag Archives: log file configurations

CyBlock/Cyfin Release 9.2.3 Now Available

In Release 9.2.3, you will find several enhancements in the new version of CyBlock and Cyfin. In CyBlock Appliance, logon accounts can now be created for additional administrators as well as managers, allowing managers to generate their own reports. With the Logon Account feature, new account users will receive an e-mail with logon information. They can then log on with their logon name or e-mail address. This applies to CyBlock Software and Cyfin as well.

In Cyfin, many improvements have been made to log file configurations, such as adding new log file configurations, removing log file configurations that are no longer shipped with the product, improving the performance of log database configurations, and attempting to match all existing configurations when analyzing log files.

Other enhancements include updates to the Dashboard trend charts, Time Online metric, Visit Filter, memory settings, and Wavecrest root certificate. The enhancements are highlighted below.

Logon Accounts in CyBlock Appliance. The following features have been added:
- You now have the ability to add, modify, and delete logon accounts for administrators and managers (operator accounts) for reporting purposes.
- Go to User Management – Logon Accounts – Add to create a logon account.
  - You may create an account using Active Directory authentication if an Active Directory configuration exists in the product.
  - An e-mail is sent to the account user indicating that the account was created and providing logon information.
  - If the logon account was not created with Active Directory, a temporary password is provided which needs to be changed after the initial logon, before the product can be used.
  - Users can log on with their assigned logon name or e-mail address, or network credentials if you are using Active Directory.
- Go to User Management – Logon Accounts – Modify to modify previously established logon accounts.
  - If the Generate New Password option is selected, a Password Reset e-mail is sent to the user with a temporary password. The user will also receive a Password Changed e-mail after changing the password.
  - If the e-mail address is changed in the logon account, the user will receive the Account Created e-mail with new logon information.
- Go to User Management – Logon Accounts – Delete to delete previously established logon accounts.
Log File Configurations in Cyfin. The following features have been added:
- On the Data Management – Log Data Source – Setup screen, in the Type of Log File drop-down box, the following log file configurations have been added:
  - Fortigate 5.0
  - McAfee SaaS CSV (No Time Zone)
  - McAfee SaaS CSV (Time Zone)
  - SonicWALL Syslog
  - Symantec Cloud
  - WatchGuard Syslog*
  - WatchGuard Syslog (HTTP)*
  - WatchGuard Syslog (HTTPS)*
  - ZScaler CSV
  * For more information, see Selecting WatchGuard Log File Configurations in Cyfin.
- In the Type of Log File drop-down box, log file configurations have been removed as they are no longer shipped with the product. However, existing configurations will continue to work. If the removed log file configurations are needed, contact Technical Support.
Dashboard Trend Chart Comparisons. The following features have been added:
- In the trend charts, you can now compare the Web traffic for a predefined date range with a previous period to detect any anomalies in Web activity.
- The predefined date range is shown as a line series, and the equivalent previous period is shown as a filled series.
- A Tooltip shows activity by metric, such as Visits, as well as the percentage change in activity from the previous to the current period.
Dashboard Time Online Metric. The Time Online metric has been added to the Top Users and Trend Users Dashboard charts. Time Online is an approximation of the time that a user spends on the Internet, based on the time stamps from Internet requests made as the user browses Web sites, the average number of minutes for reading a specific Web site, and the time spent reading the last Web site before the end of the browse session.
Visit Filter. The Visit Filter is now enabled by default when upgrading the product or installing a new version. The default time period is set to 3 seconds.
Memory Settings. For new installations, the default memory setting is now 512 MB. For optimal performance, it is recommended that you choose the setting that is approximately half of your available memory (RAM).
Wavecrest Root Certificate. The root certificate has been updated to be more secure and to reduce errors or warning prompts. Existing customers will need to install the new certificate. For installation instructions, see Wavecrest Certificate Installation Guide.

There are also a number of corrections in this release. To see the full release notes for your product, visit our Web site or knowledge base. You can upgrade to the latest release by going to the Help – Check for Updates screen in your product.

For additional assistance, please feel free to contact us.

CyBlock/Cyfin Release 9.2.0 Now Available

In Release 9.2.0, we are thrilled to announce the availability of reporting for your CyBlock Hybrid deployment. With this feature, you can monitor live Web traffic, run reports, and view Dashboard charts on your cloud users. Another CyBlock feature in this release is the ability to use Safe Search with YouTube to block adult content.

For Cyfin customers, log file detection is available to assist you in quickly creating a log file configuration. Cyfin will analyze your log files to determine the log file format for you. The enhancements are described below.

CyBlock Hybrid Reporting. The following features have been added:
- When your local CyBlock installation is paired with your CyBlock Cloud account, the following occurs:
  - Cloud log files are imported nightly into the Report Database similar to your local logs.
  - Cloud log files are compressed when transferred.
  - A data configuration field is displayed on the following pages to allow you to view your cloud configuration, local CyBlock configuration, or all configurations if applicable.
    - Data Management – Log Data Source – Viewer
    - Data Management – Log Data Source – Revalidate
    - Data Management – Report Database – Import – Manual
    - Data Management – Report Database – Viewer
    - Data Management – Report Database – Delete – Manual
    - Real-Time Monitors – Web
    - Reports – Manager (all reports)
    - Reports – Dashboard (excluding Top Classifications, Top Coached, and Trend Classifications)
  - The cloud configuration is displayed as the pairing cloud server to which your local installation is connected, for example, cloud.cyblock.com.
- Real-Time Web Monitor. The Real-Time Web Monitor displays the Web traffic of your cloud users. Messages are displayed if sync communication is temporarily stopped, your CyBlock installation and cloud account are unpaired, or the pairing cloud server is down for some reason.
- Reports. Reports can be run to analyze the Web usage of your cloud users. Cloud reports are current as of the previous day. To get a report with the current day’s cloud data, you would need to perform a manual sync on the Settings – Hybrid screen, and then run the report. You can verify that cloud logs have been transferred by going to the Data Management – Log Data Source – Viewer screen.
- Dashboard Charts. Dashboard charts show cloud Web activity for the top users, groups, categories, and sites, and provide trending for users, groups, categories, and denied and allowed traffic.
CyBlock Safe Search for YouTube. The ability to enable Safe Search for YouTube has been added. When Safe Search and SSL Inspection are enabled, adult content is blocked on YouTube regardless of its Restricted Mode setting.
Cyfin Log File Detection. The following features have been added:
- On the Log Data Source Setup page, you have the option to manually select your log file type or have the system analyze your log files to detect the type.
- If you choose “Analyze,” you can browse to locate a log file, and the analysis will display the closest matching log file types.
- You can then select the log file type that is the closest match and continue the configuration process.
- If no matching log file types are found, a link is displayed so that you can upload a sample log file to Technical Support for analysis.

There are also corrections in this release for CyBlock as well as Cyfin. To see the full release notes for your product, visit our Web site or knowledge base.

If you are at version 9.0.5 or later, you can upgrade to the latest release by going to the Help – Check for Updates screen in your product.

If you are at version 6.8.3.a or earlier, you can download the latest release by going to CyBlock Software Downloads or Cyfin Downloads. To upgrade CyBlock Appliance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

For additional assistance, please feel free to contact us.

Cyfin Release 8.8.2 and CyBlock Release 6.8.2 Now Available

We are pleased to announce the release of new versions of CyBlock Appliance, CyBlock Software, and Cyfin. In this release, you will find significant enhancements to the products. For CyBlock, the first enhancement is the addition of a new screen that allows you to install client authentication certificates for the proxy so that it can connect to sites that require a nonstandard client certificate. The second enhancement involves a total revision of the Login Name Caching feature to allow more flexibility in the way user names are cached and cached entries are used. Also for CyBlock, domains that have issues when SSL Inspection is used can now be exempted from inspection.

Other enhancements in this release include the ability to import Active Directory Groups and IDs on a more frequent basis than once every 24 hours, and for Cyfin, we have made numerous changes to log file configurations. We also have a number of corrections in this release. The enhancements are described below.

SSL Certificates. This includes the following changes:
- The ability to install client authentication certificates for the proxy has been added so that the proxy can connect to sites that require a nonstandard client certificate. The proxy uses the installed client certificates when SSL Inspection is enabled to identify clients (Web applications) to Web servers.
- The Advanced Settings – Proxy Settings – SSL Certificates screen has been added to allow you to add a client certificate. On this screen, you assign domains and groups and/or IDs to the certificate so that the usage of the certificate is secured to only those domains and for those groups and/or IDs. All fields on the screen are required.
- As certificates are added, they are displayed in a list where you can enable/disable, edit, view, and delete each certificate.
Login Name Caching. This includes the following changes:
- The Advanced Settings – Proxy Settings – Login Name Caching screen has been updated to allow more flexibility in the way user names are cached and cached entries are used. The screen now consists of the following fields:
- Cache Mode – The following options are available:
  - Primary – In this mode, cache is used when connection requests are made. If a cache entry is not found or is invalid, authentication occurs and user names are added to the cache.
  - Supplemental – This option is the default and replaces the previous Enable option. If authentication fails or an entry in the Authentication Manager Bypassed list is accessed, the cache is used before the user name “bypassed.”
  - Disabled – In this mode, cache is never used, and all connection requests are authenticated. Entries in the Authentication Manager Bypassed list are given the user name “bypassed.”
- Duration of Valid Entry – This is the time in minutes that the entry will be available in cache before it is cleared. The default is two minutes.
- Exempt IPs – This box allows you to enter IP addresses that should be excluded from login name caching. Wildcards (e.g., asterisk (*)) in IP addresses are not matched and should not be used.
SSL Inspection. This includes the following changes:
- The Advanced Settings – Proxy Settings – SSL Inspection screen now allows you to specify domains to be tunneled, that is, exempted from inspection.
- Domains to be tunneled can be added or deleted.
- The list of domains to be tunneled will include specific entries from the URL List. These sites are known to have issues when SSL Inspection is used, and they cannot be deleted from the domain list.
Active Directory. The ability to import Active Directory Groups and IDs on a more frequent basis than once every 24 hours has been added. The Frequency field was added to the Advanced Settings – Groups and IDs – Import – Active Directory – Schedule screen allowing you to schedule the import hourly or at a specific hour.
Log File Configurations. This includes the following changes:
- On the Logfiles – Setup – Select Logfile Type screen, the Type of Logfile drop-down box has been updated as follows:
  - The following log file configurations have been added.
    - EdgeWave iPrism
    - NETGEAR
    - Palo Alto Firewall
    - Trustwave
  - The following log file configurations have been renamed.
    - 8e6 to 8e6 Appliance
    - BorderManager Proxy to BorderManager
    - BorderWare Firewall to BorderWare
    - Cisco Cache Engine to Cisco Content Engine
    - IronPort Appliance to IronPort
    - Nemesis Cache Proxy to SuperLumin Nemesis
    - NetCache Appliance to NetCache
    - Symantec Web Security to Symantec Web Gateway
  - The sort in the drop-down box has been changed to a case-insensitive sort. Previously, entries beginning with a lowercase letter were sorted last in the list, and entries with the first few letters in uppercase were out of order.
  - The following log file configurations have been converted to an XML format and allow the processing and better handling of more records. Previous and new reports may show differences in counts based on the number of records processed.
    - Barracuda Networks
    - Bloxx Proxy
    - Blue Coat Systems (SGOS 3 & 4 & 5)
    - Blue Coat Systems Common Format
    - CyBlock Appliance
    - CyBlock Proxy
    - Cyfin Proxy
    - EdgeWave iPrism
    - IronPort
    - McAfee Web Gateway
    - NETGEAR
    - Palo Alto Firewall
    - Squid Proxy
    - SuperLumin Nemesis
    - Webwasher Gateway V7

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Wavecrest Blog

The Latest news, tips and resources straight from the Wavecrest team.

Tag Archives: log file configurations

CyBlock/Cyfin Release 9.2.3 Now Available

CyBlock/Cyfin Release 9.2.0 Now Available