cancel
Showing results for 
Search instead for 
Did you mean: 
jont717
Level 12

Web Reporter question regarding "-"

What is the "-" we get in Web Reporter.    We get this under User Names, Categories, Malware.

Why is there a Caregory "-"??

unknown.png

0 Kudos
19 Replies
eelsasser
Level 15

Re: Web Reporter question regarding "-"

"-" means there is no data.

With regards to categories, it's Uncategorized.

0 Kudos
jont717
Level 12

Re: Web Reporter question regarding "-"

But when I click the "-" under Categories , I get sites like google, msn, blackberry, and ibm.

I am sure these sites are not Uncategorized.

0 Kudos
eelsasser
Level 15

Re: Web Reporter question regarding "-"

When you put entries in the Global Whitelist rules at the top of the rule sets with a Stop Cycle, the URL does not fall into any rules that check for URL.Categories and then it doesn't assign a category to that URL in the logs.

One thing you can do is have the logs categorize on input in Web Reporter. It will lookup all the ones that don't have values.

Another thing that might occur is if you are doing proxy authentication. The embryonic 407 entries don't have categories assigned to the yet, but they still have log entries.

You can exclude the logging of 407 by putting a rule into the log handler that says 'Response.StatusCode does not equal 407'

Message was edited by: Erik Elsasser on 1/13/11 1:23:10 PM CST
0 Kudos
jont717
Level 12

Re: Web Reporter question regarding "-"

This makes sense. Thanks!

0 Kudos
sdtsmit
Level 7

Re: Web Reporter question regarding "-"

Erik,

Could you give a little more detail on how to "have the logs categorize on input in Web Reporter"?

Thanks!

Tammy

0 Kudos
eelsasser
Level 15

Re: Web Reporter question regarding "-"

In Web Reporter, go into Administration>Options>Categorizations and enter the Web Reporter Serial Number and download the TrustedSoruce database.

Then on the Log Source itself, edit the Log Source>Processing and select the options for Include Categories from TrustedSrouce Web Data base and the Reputation option below it.

That should try to categorize anything that has a blank category against the currently download databse in reporter.

0 Kudos
jont717
Level 12

Re: Web Reporter question regarding "-"

Thanks for the suggestion.  This problem was actually fixed when I upgraded to the new version 5.1.1.01

Now I only see the "-" under Malware and Protection Areas.  What does the "-" mean under these areas?

0 Kudos
eelsasser
Level 15

Re: Web Reporter question regarding "-"

In essence, those are entries that do not contiain malware. That's probably almost all entries, and throws off the scale of charts.

I apply a filter for Malware name

To get them to display better on the quick views, I put a filter for non-blank malware names.

Capture.JPG

For Advanced Reports, I put an exclude in the query:

Image1.png

0 Kudos
sdtsmit
Level 7

Re: Web Reporter question regarding "-"

Erik,

Thanks for the information, I was missing the part where we needed to download the TS database.  I tried setting this up, but I am getting an error message from Web Reporter when I try to download the Trusted Source database.  We get this same error whether the download is manual or scheduled.

McAfee Web Reporter was unable to download the TrustedSource Web Database on [servername].

Reason: Not enough memory (10)

Memory utiliztion seems normal on the Web Reporter server, but we do have our database on a separate server, which I haven't checked yet.  I'm really not even sure if the Trusted Source database gets inserted into our SQL database for Web Reporter or if it just resides on the Web Reporter server.  There don't seem to be any articles in the KB about this issue. Do you have any ideas?

Thanks,

Tammy

Message was edited by: sdtsmit on 1/20/11 2:46:08 PM CST
0 Kudos