cancel
Showing results for 
Search instead for 
Did you mean: 
haaris
Level 10

Ambiguity in Webgateway logs

I am using Webgateway 7.4.0 & the problem I am facing is that a block url is showing in both access log as well as denied log instead it should show only in denied log but it is showing in both.

Can anyone help me???

I can give you further details if anyone requires.....

0 Kudos
8 Replies
McAfee Employee

Re: Ambiguity in Webgateway logs

Access log contains all requests (the critieria for the logging rule is "Always").

The access denied log only logs blocked requests (criteria is status=403 or block.is>0).

Best,

Jon

0 Kudos
haaris
Level 10

Re: Ambiguity in Webgateway logs

Does that means webgateway is working fine??????????Is there any way to show that only allowed logs will considered as access log.

0 Kudos
McAfee Employee

Re: Ambiguity in Webgateway logs

Yes, Web Gateway is working fine.

I would not advise only showing the allowed, however you can just modify the criteria to achieve this.

Best,

Jon

0 Kudos
haaris
Level 10

Re: Ambiguity in Webgateway logs

what abt webreporter???how webreporter is showing the both access log as well as denied logs when we have configured only access log in webgateway for webreporter.............

0 Kudos
eelsasser
Level 15

Re: Ambiguity in Webgateway logs

The access.log contains a Block.ID(block_res). If a URL is allowed, the the value is 0. If it is blocked, then the value is a number based on the reason it was blocked.

This is how WebReporter or CSR knows about a block/allow. It only needs one log for both conditons.

0 Kudos
haaris
Level 10

Re: Ambiguity in Webgateway logs

We have webgateway to push only access log in webreporter but we are able to view both the access log as well as denied logs in webreporter,how is it possible plz help?????

0 Kudos
haaris
Level 10

Re: Ambiguity in Webgateway logs

This is access denied logs not configured for webreporter

Denied_log_Webreporter.JPG

Access log rule

Access_log.JPG

Access denied rule

Access_denied.JPG

This is access logs configured to push into webreporter

Access_log_Webreporter.JPG

As you can see from the above  attached images only access logs is enabled to push into webreporter & access denied log is disabled for webreporter.So,I am confused that how webreporter is able to receive both the logs.....

Kindly explain me.....

0 Kudos
sroering
Level 13

Re: Ambiguity in Webgateway logs

Access logs contain all requests (by default). That is to say that there is no criteria for the log writing rule.  The access denied rule has a criteria to only write blocked requests.

So the access logs are not only "Access allowed" logs.

0 Kudos