cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

McAfee WebReporter and LogFiles

Hi,

some weeks ago we started with WebGateway 7 and finished configuration in the main parts. But it do not run in real buisiness now, this will happen in the next quarter of this year. Parallel to the introduction of WebGateway we had to configure the new WebReporter - the version here is 5.2.0.01 Build 1096.

After some problems and difficulties everything is running fine now... BUT it seems, that WebReporter can not recognize the information in the LogFiles. After running the job, WebReporter notifys, that everything wents fine and finishes with 100%. But -for example- Log Records proceed 3.539, elapsed time 0 seconds and recognized mistakes 3.538. This numbers did have at every attempt the same proportions, the recognized mistakes did have every time one less than the proceed LogRecords. See the Screenshot (in German), too.

I think the problem is in the LogFile-configuration on the side of the WebGateway-Appliances. But perhaps I am wrong.

If anyone knows an answer please be so kind to write it in this posting.

Regards

Michael S-W

8 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: McAfee WebReporter and LogFiles

Hello Michael,

I think your assumption is right. Something in the log file structure is not accepted by Web Reporter. Are you able to provide a few lines of your access.log?

Best,

Andre

Highlighted

Re: McAfee WebReporter and LogFiles

Hi Andre,

I prepared a screenshot, but I think, I have no possibility put in an answer to your response. So I copied some lines as you propse.

First you see the header:

#src_ip "auth_user" time_stamp "req_line" status_code bytes_from_client bytes_to_server bytes_from_server bytes_to_client "user_agent" "attribute" "media_type" “user_defined_policy” "virus_name" "dom" "policy"  “current_rule_name”

And now some rows:

172.16.XX.XX [28/Jun/2011:14:32:31 +0200] GET http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=407&u... HTTP/1.1 407 477 0 0 3127 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; Windows-Media-Player/12.0.7601.17514) 0  0    Requesting NTLM-Agents

172.16.XXXX[28/Jun/2011:14:32:31 +0200] GET http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=407&u... HTTP/1.1 407 561 0 0 3427 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; Windows-Media-Player/12.0.7601.17514) 0  0    Requesting NTLM-Agents

172.16.XXXX xxxx [28/Jun/2011:14:32:31 +0200] GET http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=407&u... HTTP/1.1 302 1193 523 721 792  0  0  STADT W-Allgemein Allow URLs that Matches in List Response Whitelist in Cycle Response

172.16.XXXX xxxx [28/Jun/2011:14:32:31 +0200] GET http://onlinestores.metaservices.microsoft.com/serviceswitching/AllServices.aspx?sv=5&version=12.0.7... HTTP/1.1 200 506 545 865 955  0  0  STADT W-Allgemein Allow URLs that Matches in List Response Whitelist in Cycle Response

172.16.XXXX xxxx [28/Jun/2011:14:32:33 +0200] GET http://images.windowsmedia.com/svcswitch/MG_de-de.xml HTTP/1.1 200 380 485 167 1422  0 text/xml 0  STADT W-Vollzugriff-URL-Category FIN

172.16.XXXX [28/Jun/2011:14:32:57 +0200] GET http://crl.microsoft.com/pki/crl/products/WinPCA.crl HTTP/1.1 407 174 0 0 2826 Microsoft-CryptoAPI/6.1 0  0    Requesting NTLM-Agents

172.16.XXXX [28/Jun/2011:14:32:57 +0200] GET http://crl.microsoft.com/pki/crl/products/WinPCA.crl HTTP/1.1 407 258 0 0 3142 Microsoft-CryptoAPI/6.1 0  0    Requesting NTLM-Agents

172.16.XXXX xxxx [28/Jun/2011:14:32:57 +0200] GET http://crl.microsoft.com/pki/crl/products/WinPCA.crl HTTP/1.1 200 906 235 1014 1080  0  0  STADT W-Allgemein Allow URLs that Matches in List Response Whitelist in Cycle Response

172.16.XXXX [28/Jun/2011:14:33:28 +0200] GET http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl HTTP/1.1 407 294 0 0 2830 Microsoft-CryptoAPI/6.1 0  0    Requesting NTLM-Agents

172.16.XXXX [28/Jun/2011:14:33:28 +0200] GET http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl HTTP/1.1 407 378 0 0 3146 Microsoft-CryptoAPI/6.1 0  0    Requesting NTLM-Agents

172.16.XXXX xxxx [28/Jun/2011:14:33:29 +0200] GET http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl HTTP/1.1 304 1026 355 227 293  0  0  STADT W-Allgemein FIN

172.16.XXXX [28/Jun/2011:14:33:29 +0200] GET http://mscrl.microsoft.com/pki/mscorp/crl/mswww(5).crl HTTP/1.1 407 292 0 0 2828 Microsoft-CryptoAPI/6.1 0  0    Requesting NTLM-Agents

172.16.XXXX [28/Jun/2011:14:33:29 +0200] GET http://mscrl.microsoft.com/pki/mscorp/crl/mswww(5).crl HTTP/1.1 407 376 0 0 3128 Microsoft-CryptoAPI/6.1 0  0    Requesting NTLM-Agents

172.16.XXXX xxxx [28/Jun/2011:14:33:29 +0200] GET http://mscrl.microsoft.com/pki/mscorp/crl/mswww(5).crl HTTP/1.1 304 1008 351 176 242  0  0  STADT W-Allgemein FIN

The big "X" 's stands for the rest of the IP, the small "x" 's instead of the name

greetings

Michael S-W

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 9

Re: McAfee WebReporter and LogFiles

Hello Michael,

I assume there is something wrong with one of the added rows. We just have to find out which one 🙂

It seems that all of the quotation marks have been removed due to copy&paste so I assume they are present in the access.log. I just talked to Support and maybe some of the columns you are writing are not part of the Web Gateway logfile definition of Web Reporter. If you use the pre defined log formats this may be a problem and you may have to manually tell Web Reporter which row contains what values.

I think the easiest way would be to file an SR with support, and have them take a look into the Web Gateway set up and your Web Reporter configuration.

If possible attach

- a feedback file of the MWG

- a backup file of Web Reporter

- server.log and logparsing.log of Web Reporter

This should allow us to let you know what exact tweaks are required.

Best,

Andre

Highlighted

Re: McAfee WebReporter and LogFiles

Hi Andre,

I feard you would write something like opening a SR. I hoped, it would have be a simple thing ;-(

By the way, there are even in the original no quotation-marks except in the header - perhaps this will be a little helpful!

Until soon and greetings from Wuppertal!

Nachricht geändert durch michael-s-w on 29.06.11 06:02:29 CDT
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: McAfee WebReporter and LogFiles

Hi Michael,

do you have the SR number for me by any chance?

Thank you!

Andre

Highlighted

Re: McAfee WebReporter and LogFiles

Hi Andre,

thank you for your help. I will submit you the SR via PN

Regards

Michael S-W

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 9

Re: McAfee WebReporter and LogFiles

Hi all,

is there a default RuleSet available to use MWG 7.x with WebReporter?

Best, Thorsten

Highlighted

Re: McAfee WebReporter and LogFiles

Hello,

You should probably start new threads if the question doesn't match.  It will help other people find similar problems.

To answer your question,  Web Gateway comes with a default ruleset for the access log. The default works with Web Reporter. Is there something missing that you need help with?  Perhaps you could start a new thread and let us know what you are missing or expecting and we can help you get it corrected.

Troja wrote:

Hi all,

is there a default RuleSet available to use MWG 7.x with WebReporter?

Best, Thorsten

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community