This article is for IT support.
You can use School Manager’s Advanced Search tool to investigate user connection activity. You can use Advanced Search to report on the sources of suspicious activity, check the effectiveness of filters, or find users who are violating school internet usage policies.
Each search will show subtotals of key criteria and a preview of your search results. Use the search results to refine your filter to get the data you need. Once you are satisfied with the results, you can download all the data or schedule the results to be emailed regularly.
The Advanced Search Interface
Go to Reports > Advanced Search to view the interface.
The Advanced Search interface has four sections:
A. Search Actions
The Dashboard options and their functionalities are:
|Load, Reload or Stop Search||
Once you have specified your filters, select this to generate or reload the report.
Selecting the X icon, you can cancel the search while the report is loading.
|Hide search filters||
Hides or shows the filters.
Hiding filters display the report in an expanded format.
A menu to:
B. Search Filters
Set a combination of criteria to search the history of your users’ connection activities.
|Hour of Day||Slider (24 hour format)||
The hours you want to search for connection activity. Slide the start and end to select a limited number of hours of the day in 24-hour format to the nearest hour.
For example, limit the results to school hours or limit results to the hours of a specific class time. Selecting 6 and 16 would search for traffic between 6 am and 4:59 pm on the From Dates you specify.
|Username||Dropdown list with Checkbox (Text)||
The users you want to investigate. Start typing the unique letters in the user ID to filter the dropdown list. The list only displays users with data during the selected From Date, so you don’t search for connection data that is not present.
Check one or more usernames to filter the search to specific users.
|Group||Dropdown list with Checkbox
The groups of users, such as students or year groups, you want to research. Start typing the name of the group to filter the dropdown list. The list only displays groups with data during the selected From Date, so you don’t search for connection data that is not present.
Check one or more group names to filter your results.
|Blocked||Yes or No (Checkbox)||
The filter status of the connection attempt. Limits the results to how the connection attempt was filtered:
|Agent||Dropdown list with Checkbox (Text)||
The users’ version of Linewize Connect (Chrome macOS or Windows). You can limit your results by the version of Connect installed on your users’ devices.
|Website||Conditional search (Text)||The domain associated with the connection attempt. Narrows down results by filtering one or more websites. Select a search function from the dropdown and enter a website.|
|Website Path||Conditional search
The path is the text after a web address. May identify the page, path or web application. Narrow down your results by filtering one or more patterns in the website path.
While you can select the path from the dropdown, we recommend using the conditional “Contains” or “Doesn’t Contain” to allow for other characters that are included in the website path as the user attempts to connect.
|Destination Address||Dropdown list with Checkbox (IPv4 or IPv6)||
The IP address the user was attempting to connect to.
Search for one or multiple destination addresses by selecting the checkbox.
You can type part of the IP address to limit the list of IP addresses you can select from.
|Destination Port||Dropdown list with Checkbox (Number)||
The port (if used) at the destination.
Search from one or multiple destination ports by checking the listed ports. You can also type a port number to limit the ports you can select from.
For example, ports 443 and 1194 may be commonly associated with encrypted traffic or a specific VPN. Or, you may notice port 3389, a common port for a remote desktop connection.
|Source Address||Dropdown list with Checkbox (IPv4 or IPv6)||
The address of the computer inside the School Manager monitored network.
Search for one or multiple source addresses by selecting the checkbox.
You can type part of the IP address to limit the list of IP addresses you can select from.
|Policy||Dropdown list with Checkbox (Text)||
The Filtering Policy applied to the connection attempt.
Select one or multiple Content Filtering Rules.
You can type part of the Policy name to limit the items you can select from in your list.
|Bypass Code||Conditional search (Text)||
A text and numeric code from Classwize allows users to access content typically blocked by a Filtering Policy. Limits the connection results to those made using the bypass codes you specify.
You can narrow down results by filtering one or more Bypass Codes. Select a search function from the dropdown and enter a Bypass Code. (See Classwize documentation for more information.)
|Category||Dropdown list with Checkbox(Text)||
The name of the parent content filtering Category used to group connection attempts.
You can narrow your results down by selecting one or multiple Categories. The search results will be filtered to match the Categories you specify.
You can type part of the Category name to limit the list of Category names you can select from.
|Sub Category||Dropdown list with Checkbox (Text)||
The names of the content filtering Categories used within a parent Category. Select a Sub Category to organize content and allow for more granular filtering.
You can narrow your results to the connection attempts in the Sub Categories you specify.
You can type part of the name to limit the list of Sub Category names you can select from.
|Application||Dropdown list with Checkbox
The name of the website service, app, or application associated with the connection attempt.
Search from one or multiple Applications to separate allowed and suspicious activity.
You can type part of the Application name to limit the list of Application names you can select from.
Application names can range from generalized, like “Education”, to specific, like “Khan Academy”.
|Machine Name||Conditional search
The computer name on the network, such as the Windows Workgroup name. Blanks allowed. It may be used where a shared computer has multiple users, like a library or lab computer.
Search from one or multiple machine names.
You can type part of the machine name to limit the list of names you can select from.
|Noise||Yes or No
Noise is network traffic, including network handshakes, pings, and ad trackers.
|Device||Dropdown list (Do not change)||Required. Leave the default Devices listed here. Changing the Device will remove all search data. The list of devices will show any associated child devices.|
|Indicator||Indicates the field options update with the search criteria. The contents in the dropdown or conditional search area only show the available data for the current search selections.|
|From Date||Calendar (YYYY/MM/DD)||
The days you want to search for connection activity. Double-click on a day to set a point in your date range. Single-click on the next date in the range.
We recommend starting with no more than 14 days to limit the number of records to a manageable amount. As you identify an activity, you can limit the date range to a single day to focus on the specific activity.
You are limited to a maximum of three months due to the volume of data that needs to be processed. Select a shorter date range if the Advanced Search displays an error message.
Several filter fields allow a conditional search, especially in text fields.
|Condition||Advanced Search usage|
Returns only results that are an exact match to the end characters in the field.
Review the column in the Search results and match the last characters, including symbols like .ru or .kz
Returns only result where no characters are expected in the field and a blank was recorded. A blank is different from zero and null.
Not recommended for the Advanced Search.
Use the number zero in number fields instead of blank. Fields like Website path will contain a slash / not a blank.
Returns only results where no data was recorded in the field.
For example, tablets connected to the network typically do not have a Machine Name, so the field would be null. You may combine the null Machine Name with the IP in the Source Address to find connection results for tablets.
Excludes results with the pattern of characters anywhere in the field.
Not case sensitive.
|Doesn’t start with||
Excludes results with the pattern of characters at the beginning of the field.
Not case sensitive. The characters, including symbols like the slash /, at the front of the string, must match.
|Is not blank||
Returns any results that contain any character or null data marker.
Not recommended. All records will be returned. All fields contain a slash, a zero or a null marker instead of a blank.
|Matches a user attribute||
Contact our Linewize Support for complex searches.
|Is||Returns only results that are an exact match to a string of characters, not case-sensitive.|
|Contains||Returns any results that contain your specified string of characters (may include numbers and symbols).|
Returns only results that are an exact match to the first characters in the field.
Review the column in the Search results and match leading characters like a slash /desktop.
The default search logic inside a single filter field is OR. The search logic between different fields is AND.
From Date (2021/12/06 - 2021/12/17)
AND Username (is firstname.lastname@example.org OR is email@example.com)
AND Policy (is Block Social Media OR is Block Gaming).
This would return connection attempts that either or both "student1" or "student2" made between 00:00 on 6th December 2021 and 23:59 17th December that were blocked because they violated content filtering rules prohibiting access to Social Media or Gaming.
C. Subtotal Tiles
Useful data is subtotalled in an overview above the Search Results table. Watch the subtotals change as you refine your search criteria.
- Unique Users - select the count to view a list of the unique Usernames appearing in this search
- Total Connection Results - a count of all the connection attempts matching this search
- Allowed Connections - a subtotal of the allowed connection attempts in this search
- Blocked Connections - a subtotal of blocked connection attempts in this search
- Tile actions - options to download or reset your results are displayed when you hover over the Search Results
Viewing Unique Users
Select the hyperlinked Unique Users subtotal to see a list of the User names associated with these search results.
You can download this list of only the User names. Alternatively, you can close this window and download all columns using the Search Results table below the subtotals.
D. Search Results
The bottom tile displays a preview table of the Search Results. The preview data is limited to 500 rows to ensure your on-screen searches can be completed within a reasonable amount of time.
- Date and Time
- Website Path
- Upload (bytes)
- Download (bytes)
- Destination Address
- Destination Port
- Source Address
- Sub Category
- Application (type or name)
- Machine Name
To organize the columns:
- Hover over a column heading
- Drag and drop the column to a different location.
To sort by date and time:
- Hover over the column heading you want to sort.
- Select the down arrow icon to sort by descending order.
- Select the up arrow icon to sort by ascending order.
The report may take up to a minute to generate, depending on the number of results.
Resizing the Columns
To resize the columns:
- Hover over the edge of a column heading. The cursor will change to double-sided arrows.
- Drag the column to increase or decrease the column width.
To view the column options:
- Hover over a column heading.
- Select the column options icon
Expanding the Column Options icon provides options to:
- Freeze: select this to anchor a table column to the left side of the chart. The frozen column remains visible on the left side during horizontal scrolling. Multiple columns can be frozen at any given time.
- Copy values: select this to copy all of the column values.
- Autosize all columns: select this to resize the width of each column to fit its column heading name or its longest data value, whichever is wider.
- Reset all column widths: select this to resize each column to its default width.