Many Web administrators live in a state of blissful ignorance, unaware of the true health and performance of a Web site until users complain. Coradiant's TrueSight 1100 appliance actively monitors actual Web site traffic, giving Web managers a heads-up on problems before their users do.

The TrueSight device needs to be strategically installed in the delivery network to capture the appropriate data. This data capture is accomplished via a network tap, a mirrored port on a switch, or similar feature on a load-balancing device. We were disappointed the device did not contain its own network tap for easy installation.

Initial setup -- done with a command line interface via a serial connection -- is minimal and requires basic network settings, port information to later administer the box via Web interface, and a master security officer password for the box. In spite of a relatively secure security posture of the appliance in general, you can set a relatively weak password here.

The Web interface lets you enable the device to begin logging traffic. Data collected can be downloaded to a local system for offline analysis or sent via SNMP  to any monitoring system. Various session and user detection parameters can be set so captured traffic can be reassembled into a logical view of user activity. To do this you need to make sure your sites have distinguishing items to easily identify users.

However, because you might not always be fully aware of the range of changes in monitored Web applications, it would be helpful for the device to monitor traffic for new session-oriented cookies and URL patterns, and to alert you to apply them. If you are going to monitor static Web sites, you have to rely on timing and IP addresses to identify user patterns.

The TrueSight box collects potentially sensitive user data, and Coradiant does a reasonable job in securing the appliance. Access to the Web console is forced via SSL, and the box enforces very strong passwords. But we would have liked to see easily accessible usage reports and a richer ability to define access privileges for users.

Configured to monitor SSL traffic, TrueSight can decrypt user sessions when the appropriate keys are loaded. Even for approved users, decrypted traffic might be quite sensitive. To address this concern, TrueSight offers several confidentiality features. For example, captured data cookies, post parameters and Uniform Resource Identifier queries can be sanitized by hashing data into something less sensitive though still uniquely identifying. Values also can be deleted or the entire data item purged.