cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
irene14
Level 7
Report Inappropriate Content
Message 1 of 5
‎07-15-2019 06:11 PM

Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Hi All,

Configured dest_IP on Web Gateway, confirmed working by checking on logs.

Configured user-defined 1  column on Log Source settings

1. How can i see this new data on the Query and Reports?

2. Can we choose what log source to use when querying logs?

 

Thank you!

0 Kudos
Reply
1 Solution

Accepted Solutions
AaronT
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 5
‎07-17-2019 05:34 AM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Have you looked at the log file to ensure the proper data is being sent to CSR?  You can view the files under troubleshooting -> <proxy> -> log files -> user-defined-logs -> <logfilename> -> <log name>.  Also make sure there is a header in the log file (can be defined in the log source definition)

If that is sent, and the header is there, make sure the header is defined the same in CSR.  Log Source-> User-Defined 1 -> Populate this column -> Log file header -> <header> (for example, in our log we have a header 'referer', which is the 'header.request.get("referer") data, and in CSR the log file header says "referer")

Hope this helps

View solution in original post

0 Kudos
Reply
4 Replies
AaronT
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 5
‎07-16-2019 08:30 AM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

I'm assuming you're referring to Content Security Reporter...

In Queries & Reports, you need to do a Detailed Web Access report.  If you choose a Chart Type of "Table", you can add "User defined # 1" column to the columns. 

Under "Filter", you can find near the bottom one of two options "Log source name" to choose specific log sources, or "Log source type" to choose the type of log source to query on.  I also suggest using a "Date and Time" field filter too - at least in the beginning to validate you get the data you need.

0 Kudos
Reply
irene14
Level 7
Report Inappropriate Content
Message 3 of 5
‎07-16-2019 03:37 PM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Thanks for the input, I was able to put the log source, and the user defined #1 column on the table, but it was not putting out any details. I used the log source filter and the new log source i created did not appear.

The job queue is showing that the log source is processing successfully, but not showing on the query, do you have an idea what seems to be wrong with it?

0 Kudos
Reply
AaronT
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 5
‎07-17-2019 05:34 AM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Have you looked at the log file to ensure the proper data is being sent to CSR?  You can view the files under troubleshooting -> <proxy> -> log files -> user-defined-logs -> <logfilename> -> <log name>.  Also make sure there is a header in the log file (can be defined in the log source definition)

If that is sent, and the header is there, make sure the header is defined the same in CSR.  Log Source-> User-Defined 1 -> Populate this column -> Log file header -> <header> (for example, in our log we have a header 'referer', which is the 'header.request.get("referer") data, and in CSR the log file header says "referer")

Hope this helps

View solution in original post

0 Kudos
Reply
irene14
Level 7
Report Inappropriate Content
Message 5 of 5
‎07-17-2019 03:05 PM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Thanks Aaron, the issue is now resolved. The McAfee document I used to create the Log source from web gateway is incorrect (missing " "). I've raised it with support and they will rectify, thanks for your help!

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC