After Secure Web Gateway (SWG) starts proxying web access, it provides information that you can use to monitor threats and to fine-tune URL filters.
On a BIG-IP® system with Access Policy Manager®, SWG can provide logs and reports.
On a BIG-IP system with an SWG subscription, SWG can provide overview statistics in addition to logs and reports.
Secure Web Gateway (SWG) reports display statistical information about web traffic on your system. These details are available:
You can view Secure Web Gateway (SWG) statistics on the BIG-IP® system and adjust URL filters to handle new threats based on the information that you gather from logs and reports.
Before you begin, event logging should be configured. SWG reports and charts depend on event logging for URL filters. For event logging to occur, log settings must be configured and then specified in the access profile, and a Category Lookup item must be run in the per-request policy.
The Secure Web Gateway (SWG) overview provides multiple reports and charts that summarize the top requests, such as top URLs, top categories by blocked request count, top users by permitted request count or by blocked request count, and so on. The overview can be customized to show the specific type of data that you are interested in.
In addition to the reports and charts on the overview, SWG provides the All Requests and Blocked Requests reports and charts. The reports can be filtered to show the information that you want to see.
Secure Web Gateway (SWG) is configured to produce reports and charts.
The system updates the statistics for charts and reports at five minute intervals: at five minutes after the hour, ten minutes after the hour, and so on. Each five-minute mark includes data from the previous five minutes; so 12:45 includes data starting from 12:40:01 to 12:45:00.
Charts and data that you export from charts reflect the publishing interval of five minutes. For example, if you request data for the time period 12:40-13:40, the data in the chart or in the file that you export is for that time period. But if there is a request for data from 12:42-13:42, the data in the chart is from 12:45-13:45. By default, the BIG-IP® system displays one hour of data.
Secure Web Gateway (SWG) reports and charts for weekly, monthly, and yearly time ranges include statistics up through the previously completed hour. The system performs hourly updates to the aggregated statistics.