Welcome to the second part of the How to Ensure Digital Safety with Netsweeper Series where we dive deep into the technical details of logging and reporting.
In the previous blog post, we took a high-level look at what Netsweeper has to offer schools and how policy management, reporting, and other features of our platform help schools meet the growing challenge of safeguarding students online.
So, let’s continue diving into some aspects of logging and reporting with Netsweeper that you may not be aware of.
What types of data are available in the Netsweeper platform?
The Netsweeper product is constantly logging all the activity going on a filtered system. It’s important to understand that there’s a two-pronged approach to logging and reporting. Logging, you take for granted that’s the hard work that we’re doing, where we’re capturing the traffic and logging that into a log file on the Netsweeper platform. That’s what then empowers us to generate different reports that are pulling from that logging data to help you visualize what’s going on on your system.
What types of reports can I create?
The two most common types of reports that anyone is going to use are demand reports and scheduled reports.
So, a demand report is a timeboxed report, where the concept is that it’s on demand. So perhaps you need to look at something very specific on your system, perhaps activity on a certain website, the nature of the content categories that people are going to, maybe what a specific user is doing, and you want to look at that over a specific point of time, maybe you’re doing some forensics.
The only difference between a demand report and scheduled report is that a demand report you define that report over a set period of time. So, if I want to report from last Monday to today for example, I could put that date range in.
Whereas a scheduled report you set it up to operate on an interval. For example, you could schedule a report to run on a daily interval and this will run every day and do the exact same thing as a demand report, but it will do it on a daily basis.
Most people probably use scheduled reports because you can have them emailed to you every day versus a demand report. Demand reports are useful for when you just need to come in and look at a specific point in time with some very specific criteria.
How long are log files stored on the Netsweeper platform?
So, when we work with our customers and partners to roll out a Netsweeper deployment, we’re looking at what their requirements are from a logging perspective and a reporting perspective.
We look at how much logging data they think they’re going to generate and how long they need to keep that data around for. Because Netsweeper is a software solution provider, we don’t provide appliances, we just provide the software that can be installed on whatever commodity hardware, physical, or virtual you may have. Part of our onboarding process with new customers is to understand how much data they need to store and that will dictate the amount of infrastructure they need to provide whether it’s a single server, whether it’s a sophisticated SAN solution, backups, and things like this.
So, those logging services can be specified uniquely to the needs of the customer and that includes if you need to log in a redundant fashion to multiple servers, that can all be configured You can go in and configure things like how you want to segment your log files, if you want to offload those log files to third-party systems, how long you want to keep those log files and things like this.
And the reporter (just like the logger) is also a modular component that can be separated from your core platform, and you can have dedicated servers that are logging, dedicated servers that are reporting, it really depends on the requirements of the customer.
We have very small deployments that are one single server doing all the policy management, running the WebAdmin, doing the logging, doing the reporting, but we also have very large, complicated deployments in large education networks or even in telecom networks where most of these components have been broken out onto dedicated platforms to ensure that they can be fully redundant and highly scalable.
These components are very modular which allows you to build them out to your specific requirements, saving you money not having to buy large expensive appliances and actually create a solution that can grow as your needs grow.
Log file retention policies
Filtering and monitoring all get logged to the core Netsweeper log files. These log files are highly configurable from a perspective of how long you want to retain them for, what you want to happen when those log files fill up, and where you’d like to rotate them to. You can also segment your log file data and actually log to different platforms if need be depending on the nature of the data.
In a multi-tenanted environment, it might mean that you segment your log files by each tenant, but you can segment the log files by any of the fields that are contained within the log file. So, it really creates the opportunity to create sophisticated logging platforms that are going to meet your needs.
Look out for Part 3 in this series where we’ll dive into onGuard, our content monitoring and alerting platform and how it helps schools meet safeguarding initiatives.