This article applies to:
Question:
- Why does the Dashboard counter show multiple TRACEnet hits for a single browsing event?
- Where can I see a detailed list of URLs that triggered TRACEnet action?
Information:
TRACEnet increments the "Threats Blocked" count on the dashboard each time a listed URL is requested through WebMarshal.
One visit to a site can result in more than one "threat blocked" entry.
- Browsers often request additional items such as the "favicon.ico" file in the background.
- Browser may request a blocked item again without user action.
To see a detailed list of the user sessions and items requested:
- Temporarily set the WebMarshal Engine logging level to Full (Console > Server and Array Properties > Advanced Settings).
- View the TRACEnet log file. This file is located within the WebMarshal install location on each processing node, in the Logging\WMEngine\ScanEngine\TRACEnet folder by default.
Notes:
Full logging uses significant resources. Trustwave recommends that you do not keep full logging enabled for extended periods.