Wfquery

Latest revision as of 15:46, 8 May 2023

[edit] 1 Internet Usage Monitoring

The "Internet Usage Monitoring" module records internet activities, including:

Web Surf
Web Post
Outgoing Emails
Incoming Emails
File Upload History
File Download History
IM Accounts
FTP/Telnet Sessions
IP-MAC History
Connection Details

This module works both in "gateway mode" and "bridge mode". Enterprise license is required.

[edit] 2 Recording Policy

For every client, multiple policies can be applied. For example:

A policy: record web surfing for a whole subnet.
B policy: enable "email recording" for a special IP in this subnet.

For this ip, both "web surfing recording" and "email recording" will be enabled.

Detailed "recording policy" settings are described in below.

[edit] 2.1 Web Recording

Web Surf: record titles of visited web pages for http websites. For https websites, only domains will be recorded in default. To record https webpages, please check "SSL Inspector".
Web Post: record web post content for http websites. To record https websites posts, please check "SSL Inspector".
Web Post Size Limit: no recording of web post exceeds size limit.
Smart Filter: With this feature enabled, WFilter will not record visits by non-human. (Not 100% accurate)
Domains Exception: no recording of domains in the exception list. Wildcards "*?" are supported.

[edit] 2.2 Email Recording

Emails supported: SMTP, POP3, IMAP4 and outgoing web-based emails.
For emails exceed size limit, only subject/from/to will be recorded.
To record ssl emails(SMTP/POP/IMAP over SSL), please check "SSL Inspector".

[edit] 2.3 File Transfers

File transfers supported: FTP upload, FTP download, Web download, Web upload.
WFilter only records filenames/URLs of downloaded files. While full file content can be recorded for uploading files.
For uploading files exceed size limit, only filenames can be recorded.
To record files via https, you need to enable "HTTPS Inspector".

[edit] 2.4 Others

Options to enable IM acounts and FTP/Telnet sessions.

Only QQ messenger IDs can be recorded.
When "FTP/Telnet Sessions" is enabled, sent FTP/Telnet commands can be recorded.
IP-MAC History: daily IP-MAC address history.
Connections: detail of TCP connections history.

[edit] 3 Advanced Settings

[edit] 3.1 System

IPv6: enable recording of IPv6 activities.
Database Commit: the database commit frequency.
Additional Webmail Domains: Custom webmails to be recorded.
Protocol Ports, customize protocols ports for HTTP, HTTPS, POP3, IMAP4 and SMTP.

@@ Line 4: / Line 4: @@
 * Web Surf
 * Web Post
-* HTTPS Inspection
 * Outgoing Emails
 * Incoming Emails
-* SSL Email Inspection
+* File Upload History
+* File Download History
+* IM Accounts
+* FTP/Telnet Sessions
+* IP-MAC History
+* Connection Details
 This module works both in "gateway mode" and "bridge mode". Enterprise license is required.
+[[File:Wfrecorder_query1.png|800px]]
+[[File:Wfrecorder_query2.png|800px]]
+[[File:Wfrecorder_query3.png|800px]]
+[[File:Wfrecorder_queryftp.png|800px]]
+[[File:Wfrecorder_queryim.png|800px]]
+[[File:Wfrecorder_querysessions.png|800px]]
+[[File:Wfrecorder_querysessions.png|800px]]
+[[File:Wfrecorder_queryconnections.png|800px]]
 == Recording Policy ==
@@ Line 15: / Line 35: @@
 For every client, multiple policies can be applied. For example:
 * A policy: record web surfing for a whole subnet.
-* B policy: enable "https inspection" for a special IP in this subnet.
+* B policy: enable "email recording" for a special IP in this subnet.
-For this ip, both "web surfing recording" and "https inspection" will be enabled.
+For this ip, both "web surfing recording" and "email recording" will be enabled.
-Besides the applied to "clients" and "time", detailed "recording policy" settings are described in below.
+Detailed "recording policy" settings are described in below.
 === Web Recording ===
-* '''Web Surf''': record titles of visited web pages for http websites. For https websites, only domains will be recorded. To record https webpages, please enable "HTTPS Inspector".
+* '''Web Surf''': record titles of visited web pages for http websites. For https websites, only domains will be recorded in default. To record https webpages, please check [[Sslinspect|"SSL Inspector"]].
-* '''Web Post''': record web post content for http websites. To record https web posts, you need to enable "HTTPS Inspector".
+* '''Web Post''': record web post content for http websites. To record https websites posts, please check [[Sslinspect|"SSL Inspector"]].
 * '''Web Post Size Limit''': no recording of web post exceeds size limit.
-* '''HTTPS Inspector''': This feature enables you to inspect surfing and posting content for https websites. Please check: [[#SSL Inspection]]
 * '''Smart Filter''': With this feature enabled, WFilter will not record visits by non-human. (Not 100% accurate)
 * '''Domains Exception''': no recording of domains in the exception list. Wildcards "*?" are supported.
-[[File:Wfrecorder_setweb_en.png|650px]]
+[[File:Wfrecorder_setweb_en2.png|650px]]
 === Email Recording ===
@@ Line 33: / Line 53: @@
 [[File:Wfrecorder_sermail_en.jpg|650px]]
-* Emails exceed size limit will not be recorded.
 * Emails supported: SMTP, POP3, IMAP4 and outgoing web-based emails.
-* If "SSL Emails Inspector" is disabled, only plain SMTP, POP3, IMAP4 and http web-based emails can be recorded.
+* For emails exceed size limit, only subject/from/to will be recorded.
-* To record ssl emails(SMTP/POP/IMAP over SSL), you need to enable "SSL Emails Inspector" option. Please check: [[#SSL Inspection]]
+* To record ssl emails(SMTP/POP/IMAP over SSL), please check [[Sslinspect|"SSL Inspector"]].
-* STARTTLS of SMTP/POP3/IMAP can not be recorded.
-== Advanced Settings ==
+=== File Transfers ===
-[[File:Wfrecorder_advanced_en.jpg]]
+[[File:Wfrecorder_settings_ftp.png|650px]]
-=== SSL Certificate ===
+* File transfers supported: FTP upload, FTP download, Web download, Web upload.
-* This "SSL Certificate" will replace remote server's certificate for SSL interception.
+* WFilter only records filenames/URLs of downloaded files. While full file content can be recorded for uploading files.
-* When "HTTPS Inspector" is enabled, there will be a certificate warning in the client browser. You may download and import this certificate into "trusted root certification authorities store" to silence client browser.
+* For uploading files exceed size limit, only filenames can be recorded.
-* You can click "Replace" to generate a new certificate.
+* To record files via https, you need to enable "HTTPS Inspector".
-=== System ===
+=== Others ===
-* '''Enable Debug''': write debug logs for diagnose.
-* '''Monitoring Cache''': cache for packet monitoring.  On "Automatic", cache will be calculated according to WAN bandwidth defined in "Bandwidth"->"Shaper".
-* '''Database Commit''': reserved.
-== SSL Inspection ==
+[[File:Wfrecorder_settings_other.png|650px]]
-SSL Inspection is based on [[https://en.wikipedia.org/wiki/Man-in-the-middle_attack  Man-in-the-middle attack]]. It redirects SSL connections to a local SSL server, so it can intercept the ssl traffic. Though it can decode SSL traffic, there are some disadvantages you should know:
+Options to enable IM acounts and FTP/Telnet sessions.
-* Performance issue. Please check: [[SSL_Performance|SSL Inspector Performance]]
+* Only QQ messenger IDs can be recorded.
-* Certificate warning issue. With https inspector enabled, there will be certificate warning. To silence client browser, please follow below steps to import WFilter's certificate into "trusted root certification authorities store" in client devices.
+* When "FTP/Telnet Sessions" is enabled, sent FTP/Telnet commands can be recorded.
+* IP-MAC History: daily IP-MAC address history.
+* Connections: detail of TCP connections history.
-=== HTTPS Inspector ===
+== Advanced Settings ==
-* There will be a certificate warning when visiting https websites. You may choose "continue to this website" to access this site, web surf and post will be recorded.
-[[File:Wfrecorder_cert_01.png|600px]]
-To get rid of this certificate warning, please follow below steps:
-* Download WFilter's certificate
-[[File:Wfrecorder_cert_02.png|450px]]
-* Double click the "ca.crt" file, click "Install Certificate" and "Next". Enable "place all certificates in the following store" and choose "trusted root certification authorities". Then "Next" and "Finish".
-[[File:Wfrecorder_cert_03.png|450px]]
-* The certificate warning won't appear again.
-[[File:Wfrecorder_cert_04.png|600px]]
-* And this https visiting will be recorded.
-[[File:Wfrecorder_cert_05.png|600px]]
-=== SSL Email Inspection ===
+=== System ===
-There are three types of email connection.
+* '''IPv6''': enable recording of IPv6 activities.
-* Plain text, emails can be recorded without "SSL Email Inspection".
+* '''Database Commit''': the database commit frequency.
-* STARTTLS, even "SSL Email Inspection" can not record it.
+* '''Additional Webmail Domains''': Custom webmails to be recorded.
-* SSL/TLS, with "SSL Email Inspection" enabled, emails via SSL connections can be recorded.
+* '''Protocol Ports''', customize protocols ports for HTTP, HTTPS, POP3, IMAP4 and SMTP.
-Let's take "Mozilla Thunderbird" as an example:
-[[File:Wfrecorder_ssl_01.png]]
-Please notice: to record https web emails, you need to enable "HTTPS Inspector" for this https website.
-=== SSL Inspection for Mobile ===
+[[File:Wfrecorder_advanced_en2.png]]

Wfquery

Latest revision as of 15:46, 8 May 2023

Contents

[edit] 1 Internet Usage Monitoring

[edit] 2 Recording Policy

[edit] 2.1 Web Recording

[edit] 2.2 Email Recording

[edit] 2.3 File Transfers

[edit] 2.4 Others

[edit] 3 Advanced Settings

[edit] 3.1 System

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Tools