Hi All,
Configured dest_IP on Web Gateway, confirmed working by checking on logs.
Configured user-defined 1 column on Log Source settings
1. How can i see this new data on the Query and Reports?
2. Can we choose what log source to use when querying logs?
Thank you!
Solved! Go to Solution.
Have you looked at the log file to ensure the proper data is being sent to CSR? You can view the files under troubleshooting -> <proxy> -> log files -> user-defined-logs -> <logfilename> -> <log name>. Also make sure there is a header in the log file (can be defined in the log source definition)
If that is sent, and the header is there, make sure the header is defined the same in CSR. Log Source-> User-Defined 1 -> Populate this column -> Log file header -> <header> (for example, in our log we have a header 'referer', which is the 'header.request.get("referer") data, and in CSR the log file header says "referer")
Hope this helps
I'm assuming you're referring to Content Security Reporter...
In Queries & Reports, you need to do a Detailed Web Access report. If you choose a Chart Type of "Table", you can add "User defined # 1" column to the columns.
Under "Filter", you can find near the bottom one of two options "Log source name" to choose specific log sources, or "Log source type" to choose the type of log source to query on. I also suggest using a "Date and Time" field filter too - at least in the beginning to validate you get the data you need.
Thanks for the input, I was able to put the log source, and the user defined #1 column on the table, but it was not putting out any details. I used the log source filter and the new log source i created did not appear.
The job queue is showing that the log source is processing successfully, but not showing on the query, do you have an idea what seems to be wrong with it?
Have you looked at the log file to ensure the proper data is being sent to CSR? You can view the files under troubleshooting -> <proxy> -> log files -> user-defined-logs -> <logfilename> -> <log name>. Also make sure there is a header in the log file (can be defined in the log source definition)
If that is sent, and the header is there, make sure the header is defined the same in CSR. Log Source-> User-Defined 1 -> Populate this column -> Log file header -> <header> (for example, in our log we have a header 'referer', which is the 'header.request.get("referer") data, and in CSR the log file header says "referer")
Hope this helps
Thanks Aaron, the issue is now resolved. The McAfee document I used to create the Log source from web gateway is incorrect (missing " "). I've raised it with support and they will rectify, thanks for your help!
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA