Columns for flexible detail investigative reports
The table below describes the columns available for detail reports (see Flexible detail investigative reports).
Not all columns are available at all times. For example, if the User column is displayed, Group is not available; if Category is displayed, Risk Class is not available.
| Column Name | Description |
|---|---|
| User | Name of the user who made the request. User information must be available in the Log Database to include it on reports. Group information is not available in user-based reports. |
| Day | Date the Internet request was made. |
| URL Hostname | Domain name (also called hostname) of the requested site. |
| Domain | Directory service domain for the directory-based client (user or group, domain, or organizational unit) that made the request. |
| Group | Name of the group to which the requestor belongs. Individual user names are not given on group-based reports. If the user who requested the site belongs to more than one group in the directory service, the report lists multiple groups in this column. |
| Risk Class | Risk class associated with the category to which the requested site belongs. If the category is in multiple risk classes, all relevant risk classes are listed. See Assigning categories to risk classes. |
| Directory Object |
Directory path for the user who made the request, excluding the user name. Typically, this results in multiple rows for the same traffic, because each user belongs in multiple paths. If you are using a non-LDAP directory service, this column is not available. |
| Action | Action taken as a result of the request (for example, category permitted or category blocked). |
| Source Server |
IP address of the machine sending requests to Filtering Service. In standalone deployments, this is the Network Agent IP address. In integrated deployments, this is the gateway, firewall, or cache IP address. With the Hybrid Module, use this option to identify requests filtered by the hybrid service from both on-site (filtered location) and off-site users. |
| Protocol | Protocol of the request (for example, HTTP or FTP). |
| Protocol Group | Forcepoint URL Database group in which the requested protocol falls (for example, Remote Access or Streaming Media). |
| Source IP |
IP address of the machine from which the request was made. With the Hybrid Module, you can use this option to review requests coming from a specific hybrid filtered location. See Filtered locations. |
| Destination IP | IP address of the requested site. |
| Full URL | Domain name and path for the requested site (example: http://www.mydomain.com/products/itemone/) If you are not logging full URLs, this column is blank. See Configuring how URLs are logged. |
| Month | Calendar month the request was made. |
| Port | TCP/IP port over which the user communicated with the site. |
| Bandwidth |
The amount of data, in kilobytes, contained in both the initial request from the user and the response from the website. This is the combined total of the Sent and Received values. |
| Bytes Sent | Number of bytes sent as the Internet request. This represents the amount of data transmitted, which may be a simple request for a URL, or may be a more significant submission if the user is registering for a website, for example. |
| Bytes Received |
Number of bytes received from the Internet in response to the request. This includes all text, graphics, and scripts that make up the site. For sites that are blocked, the number of bytes varies according to the software creating the log record. When Network Agent logs the records, the number of bytes received for a blocked site represents the size of the block page. If the log record is created by Content Gateway, as a result of analysis, the bytes received represents the size of the page analyzed. See Content Gateway Analysis. If a third-party integration product creates the log records, the bytes received for a blocked site may be zero (0), may represent the size of the block page, or may be a value obtained from the requested site. |
| Browse Time |
An estimate of the amount of time spent viewing the site. See What is Internet browse time?. |
| Time | Time of day the site was requested, shown in the HH:MM:SS format, using a 24-hour clock. |
| Category | Category to which the request was assigned. This may be a category from the Forcepoint URL Database or a custom category. |
| Disposition Type | Whether the request was permitted or blocked. |