cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
irene14
irene14
Level 7
Report Inappropriate Content
Message 1 of 5
‎07-15-2019 06:11 PM

Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Hi All,

Configured dest_IP on Web Gateway, confirmed working by checking on logs.

Configured user-defined 1  column on Log Source settings

1. How can i see this new data on the Query and Reports?

2. Can we choose what log source to use when querying logs?

 

Thank you!

0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
AaronT
AaronT
Level 9
Report Inappropriate Content
Message 4 of 5
‎07-17-2019 05:34 AM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Have you looked at the log file to ensure the proper data is being sent to CSR?  You can view the files under troubleshooting -> <proxy> -> log files -> user-defined-logs -> <logfilename> -> <log name>.  Also make sure there is a header in the log file (can be defined in the log source definition)

If that is sent, and the header is there, make sure the header is defined the same in CSR.  Log Source-> User-Defined 1 -> Populate this column -> Log file header -> <header> (for example, in our log we have a header 'referer', which is the 'header.request.get("referer") data, and in CSR the log file header says "referer")

Hope this helps

0 Kudos
Reply
4 Replies
AaronT
AaronT
Level 9
Report Inappropriate Content
Message 2 of 5
‎07-16-2019 08:30 AM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

I'm assuming you're referring to Content Security Reporter...

In Queries & Reports, you need to do a Detailed Web Access report.  If you choose a Chart Type of "Table", you can add "User defined # 1" column to the columns. 

Under "Filter", you can find near the bottom one of two options "Log source name" to choose specific log sources, or "Log source type" to choose the type of log source to query on.  I also suggest using a "Date and Time" field filter too - at least in the beginning to validate you get the data you need.

0 Kudos
Reply
irene14
irene14
Level 7
Report Inappropriate Content
Message 3 of 5
‎07-16-2019 03:37 PM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Thanks for the input, I was able to put the log source, and the user defined #1 column on the table, but it was not putting out any details. I used the log source filter and the new log source i created did not appear.

The job queue is showing that the log source is processing successfully, but not showing on the query, do you have an idea what seems to be wrong with it?

0 Kudos
Reply
Highlighted
AaronT
AaronT
Level 9
Report Inappropriate Content
Message 4 of 5
‎07-17-2019 05:34 AM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Have you looked at the log file to ensure the proper data is being sent to CSR?  You can view the files under troubleshooting -> <proxy> -> log files -> user-defined-logs -> <logfilename> -> <log name>.  Also make sure there is a header in the log file (can be defined in the log source definition)

If that is sent, and the header is there, make sure the header is defined the same in CSR.  Log Source-> User-Defined 1 -> Populate this column -> Log file header -> <header> (for example, in our log we have a header 'referer', which is the 'header.request.get("referer") data, and in CSR the log file header says "referer")

Hope this helps

0 Kudos
Reply
irene14
irene14
Level 7
Report Inappropriate Content
Message 5 of 5
‎07-17-2019 03:05 PM

Re: Added a custom Log Field Reports - How to add on Query and Report

Jump to solution

Thanks Aaron, the issue is now resolved. The McAfee document I used to create the Log source from web gateway is incorrect (missing " "). I've raised it with support and they will rectify, thanks for your help!

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC