Hide this message
Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.
Monitor proxy servers to track network users who attempt to access suspicious websites using partial or complete URL addresses. Configure your proxy server to log to your SolarWinds LEM appliance and set up the appropriate connector on your SolarWinds LEM manager.
Set your proxy server to log to your LEM virtual appliance to centralize its log data with your LEM events. You can integrate proxy servers from popular vendors such as Websense and Barracuda.
Because the integration process is different for each vendor, each proxy server is documented separately in the SolarWinds Success Center. If a knowledge base article is not available, contact Customer Support.
After you configure your proxy server to log to your LEM appliance, configure the corresponding connector on your LEM Manager. Many of the proxy server connectors are similar with some unique settings.
The following procedure describes how to set up a connector for a Websense proxy server. You can find instructions for additional firewall connectors in the SolarWinds knowledge base.
You can track when users attempt to access suspicious websites by partial or complete URL addresses by enabling the Known Spyware Site Traffic rule. This rule generates a
HostIncident event by default you can use in conjunction with the Incidents report to notify auditors that you are auditing critical events on your network.
Before you enable this rule, ensure your proxy server transmits complete URL addresses to your LEM manager by checking the URL field of any
WebTrafficAudit event generated by your proxy server. If your proxy server does not log web traffic events with this level of detail, check the events coming from your firewalls, as they can sometimes be used for this rule as well.
Known Spyware Site Trafficin the Refine Results search box.