Searching Recent Activity

The Recent Activity Search section of the Search tab allows you to search the user activity logs By User (username or IP address), or to view users' activity By Site.

  1. On the Search tab sidebar, click the type of Recent Activity Search that you want to perform.

    There are three ways to search recent activity:

    • By User: Search by username or by the user's IP address.
    • By Site: Search by web address.
    • By Suspicious Activity: Search for attempts to contact malware command and control services
    • By User Timeline: Search usage by user for specific date ranges.
    Note
    Searches will only display users that the administrator has permission to see. However, if the administrator also has permission to search by IP address, then all users will be shown in the search results.
  2. On the Search Parameters sidebar, enter the criteria for your search:
    1. Set the Period to search by selecting one of the following options:
      • Today: Only activity recorded since midnight for the current day is searched.
      • Yesterday: Only activity recorded during the previous calendar day (midnight to midnight) is searched.
      • Last: From the drop-down list, select a time increment for the report. Then, in the text box, enter a number specifying the time period (for example, 7 days). Partial minutes, hours, weeks, days, and months count toward the total number specified. Time frames are defined as follows:
        • minutes: Any complete minutes within the specified span, plus the elapsed portion of the current minute.
        • hours: Any complete hours within the specified span, plus the elapsed portion of the current hour.
        • days: Any complete days within the specified span, plus the elapsed portion of the current day.
        • weeks: This includes any complete weeks (starting on Sunday of the first week) that fall within the specified span, plus the current week, up to the current day.
        • months: This includes any complete months (starting on the first day of the first month) that fall within the specified span, plus the current month, up to the current day.
      • Custom: Select the From and To date and time. Set the date by clicking on the calendar icon and selecting the date from the calendar pop-up dialog box. Set the time by positioning the cursor beside the hour, minute, or AM/PM setting, and using the up and down arrow buttons to select a time.
    2. Enter the User or Site for which you want to search.
      • If you chose to search By User, enter the username or user's IP address that you want information on, and select a Filter. If your Web Appliance is configured to access a stand-alone Active Directory server, enter the username that you want to search on; if the Web Appliance is configured to access the global catalog of a multidomain Active Directory forest, enter the username that you want to search on in the form "domain\username".

        Optionally, you can narrow the search results by selecting an individual status from the Filter by status drop-down list. You can also enter a specific web site in the Filter by site text box to view pages from that location that were viewed by the specified user.

      • If you chose to search By Site, enter the site name that you want information on; for example, domain.com/page.htm.

        You can also search by domain alone (e.g., "example.com"), and then refine your search further after reviewing the results. Optionally, you can narrow the search results, by selecting an individual status from the Filter by status drop-down list.

      • If you chose to search By Suspicious Activity, enter the username or user's IP address for which you want information. If your Web Appliance is configured to access a stand-alone Active Directory server, enter the username that you want to search on; if the Web Appliance is configured to access the global catalog of a multidomain Active Directory forest, enter the username that you want to search on in the form "domain\username".

        Optionally, you can enter a specific web site in the Filter by site text box to view pages from that location that were viewed by the specified user. You can also enter a reason in the Filter by Reason text box to view results for a particular reason. Only exact matches are supported in the Filter by Reason text box.

      • If you chose to search By User Timeline, results will group browsing within a domain for a continuous amount of time. This will display the top level domain under Site, The time range the user spent on the site under Time Frame, and the number of page requests under Requests. Clicking a site will open the By User search for the user, using that site for the Filter by site option.
    3. Click Search.

      The results are displayed in the content pane.

    Note
    To avoid redundant entries in the Recent Activity Search: By User list, the Web Appliance aggregates multiple instances of one user accessing the same URL within one minute.
  3. [Optional] To change the sort order of the results, toggle the up/down arrow icon that appears immediately to the right of any of the following column headers at the top of the list of entries.

Search results can often contain more than 150 pages of information. Despite the quantity, this may be only a small portion of the total data available. To see the complete results of a search, click Export, and view the results in another application.