Netsweeper - Checking Logs

Modified on Wed, 22 May 2024 at 01:02 PM

This article provides information on checking logs on Netsweeper. For this article, you require:
- A Netsweeper account.


It is important to remember that while the logs may show an inappropriate site, this could have been a blocked advert or a process in the background. The logs should be used in parallel with safeguarding products such as Senso!



1) Go to your Netsweeper account and log in. (The URL is different for various schools.)



2) Go to Reports -> Custom Report.


3) Fill in the following fields:

Name - Whatever you wish to name the report.

Description - However you wish to describe the report.

Report Type - Keep it as Demand

Date Range - Placed in the from and to dates/times you wish to use. (Place at least 10 minutes before and after the incident to gain an accurate understanding from the logs.)


Filters - Select Add Filter and add in the field which you wish to filter by such as IP Address of the device (Client IP Address), Name of the device (Client Name). You can then set the CONDITION such as equal to and the VALUE of what you are searching for.


In most cases it is reliable to do:

For the filters, choose
Field: 'Client IP'
Condition: 'Equal to'
Value: (Found on your Netsweeper alert if that is what your investigating)



The report Output is set by selecting ADD REPORT DETAILS and then going to FIELDS and adding the columns you wish to view such as Date, URI and Search terms. If you are unsure, you should add every column.


To determine if something was blocked, look at the Denied Flag column and the Protocol column:

      These are the ones to look at:
      Denied Flag: Denied            Protocol: https Meaning: Access to the website or search results was blocked
      Denied Flag: Enabled          Protocol: https Meaning: Access to the website or search results was allowed

      These are the ones to ignore in this instance:
      Denied Flag: Denied            Protocol: decrypt Meaning: Access to the website or search results was packet inspected (has not affected on being blocked or not)
      Denied Flag: Enabled          Protocol: decrypt        Meaning: Access to the website or search results was NOT packet inspected (has not affected on being blocked or not)


Remember to click save.


Any questions please visit help.concero.education


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article