In my last article, I introduced GFI WebMonitor 2009, the product of the latest 4sysops contest. Today, I will discuss its web monitoring features in more detail. If you want to have a chance to win a license for 500 clients worth 8,500 dollars, please refer to the end of the article.

Active Connections and Past Connections

Before you start configuring Web Filtering and Web Security, you should monitor the web activity of your users for a while. This will give you hints as to where the biggest problems are. The Activity Log gives you an overview of what kind of URLs have been accessed and by whom. WebMonitor enables you to monitor active connections and past connections. Hidden downloads, i.e. downloads unattended by the users (for example by applications), are displayed in a separate folder. Note that you will only be able to catch those downloads, if you have configured GFI WebMonitor as a gateway.

Statistical Data

It is also possible to access the statistical data of past web usage. You can access information about the bandwidth consumption of top sites, top users, and top categories. The top users’ statistics is only available if you enable user authentication in WebMonitor. By the way, the latter also works fine with Firefox. Categories are automatically assigned to web sites through GFI’s Webgrade database. I will say more about this feature in my next post.

The Sites History displays information about the top time consumption and the top hits count. Both statistics give you an idea about what users are doing when they access the web. If domains not related to the business of your company are among the top sites, then this might be of interest to your boss.

The User History will reveal the top surfers, the top hit counts (for each user), and the top policy breakers (GFI WebMonitor policies). If you don’t work with user authentication, then GFI WebMonitor will display IP addresses instead of user names. Please note that some countries do not allow storage of such personal data. In this case, you have to make sure that IP addresses can’t be ascribed to persons, for example by using short DHCP lease time periods.

Whitelist and Blacklist

GFI WebMonitor allows you to block web sites by adding URLs or domains to a blacklist. You can use wildcards if you want to block sub domains or even top-level domains. The latter makes sense if your users are supposed to access only specific web sites, for instance the sites of your company. Web sites in the Whitelist are accessible even if they are blocked by the Blacklist or by another WebMonitor filter. The Blacklist and the Whitelist may contain not only sites, but also IP addresses and Windows user names. Working with the Blacklist and Whitelist feature only makes sense if the number of sites allowed in your organization is small. If the employees in your company are supposed to use the web for their work, but not for private purposes, then you will need a more sophisticated web filtering solution. This will be the topic of my next post.

If you’d like to have the chance to win a GFI WebMonitor license for 500 clients worth 8,500 US dollars, please send an email to

with the subject line,

GFI WebMonitor.

Please give your full name and the name of your organization. The deadline for entering this contest is February 25, 2010.