Logblog: More Web Proxy Log Tips

« Just What is Enterprise Class? Part I | Main | P3: Exploding Products, Partners and People »

More Web Proxy Log Tips

After publishing my proxy log tip (here), I figured I'd post a few more mini-tips on web proxy logging as well as a link to my full presentation (webcast with voice, slides only) on web proxy log management.

First, why look at proxy logs? Apart from my overall answer that applies to all logs, proxy-specific reasons are the following:

Review users’ activities on the web (not just surfing!)
Monitor applications' HTTP activity
Detect Web-enabled malware traffic
Study proxy performance metrics

Most people just focus on #1 above and kind of forget #2-#4. Also, the focus of #1 is often narrow - what do they surf at work?- and not broad - what do they do on the web? - which is much more useful. While there is no direct mention of proxy logs in recent regulations, monitoring what users do with YOUR data is clearly part of the compliance mandates (and, obviously, a good idea in general!) Indirect references to proxy logging can be seen in the following:

Proxy monitoring is part of the overall control and governance (thus SOX, HIPAA, GLBA, etc)
Legal requirements to have audit trails (thus HIPAA, PCI)
Breach disclosure laws also impact (SB1386 and others, soon US-wide)
On the flip side, privacy laws might mandate the opposite i.e. NOT having logs.

So, please treat proxy logs with the respect they deserve! Here is my full presentation (webcast with voice, slides only), on analyzing and managing web proxy logs.

Related posts: