WebSpy Analyzer Standard

ShareShare on FacebookTweet about this on TwitterPin on PinterestShare on Google+Share on Reddit
WebSpy Analyzer Standard
Overall Rating: 4.5
Experience Date:Jul 15, 2004

Good:
EXCELLENT drilldown features, inexpensive related to other log analyzers, exports reports in multiple formats, responsive tech support
Bad:
Parts of the user interface lacking, tech support in Australia, a few bugs, extensive reports take FOREVER, reports aren’t that visually appealing, drilldown features break down over large time periods or many users

I decided on WebSpy for our internet traffic monitoring needs after extensive research and evaluation of several other products. WebTrends is what I know, and it makes quite nice reports, but it gets quite expensive (we were looking at around $4k for our implementation). Plus WebSpy has an add on called Live (see my other review) that is quite useful.
Our implementation has our firewall syslogging out to a Windows server. WebSpy Analyzer is installed on that Windows box and I login to it through terminal services to run reports and drilldowns. I haven’t used the reporting functionality of the product yet, mostly because it has never finished a report correctly. The reports just run and run and run (and I understand this when you’re trying to make sense of hundreds of megabytes of text log files) and then when they finish, they’re usually incomplete. Our needs are all met by the drilldown functionality though. Essentially, you give the application some criteria to filter on (your internal subnet, IPs, site categories, protocols, etc.) and then it shows you all the data in your logs and allows you to drill down on that data taking whatever path you want. For example, I can filter to show only the HTTP traffic from my internal network, and then choose users or sites (all sorted by one of any of the fields). This allows me to go in on a periodic basis and check for activity that is a liability to us. The categorization of URLs (Gambling, Advertising, Adult, etc.) is done via keywords in the URL only, so it’s far from perfect and doesn’t catch everything. It also has a significant number of false positives (imagine any URL with the word “adult” in it…obviously not an Adult site). But, if a user is engaging in a significant amount of illicit activity, drilling down will eventually uncover them. It fits our needs perfectly.
Their tech support is responsive and helpful, but it has to be via email, because it is in Australia. They had fixes for some bugs I had discovered out within weeks. The reports are not that pretty, but that’s not what I’m after.
WebTrends makes much nicer looking reports. The only other complaint I have is that it could be faster. It’s not awful, but when I’m analyzing a week’s worth of data, I can wait 10 seconds or so between clicking and the next level of drilling down (running on a Dual 1 GHz machine with 1GB RAM).
Bottom Line: if you’re looking for a product to keep an occasional eye on your internet activity for post-incident follow up, this is a great tool. One other thing, of course, I had to setup static IP addresses (I did through DHCP) and reverse DNS entries for the IPs to translate to hostnames (users). If one of my users reads this, they’ll probably be upset that Big Brother is watching them, but the risk of not analyzing your internet traffic is just too great.
Links:
Analyzer Standard Product Page

This entry was posted in Reviews and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *