"-" means there is no data.
With regards to categories, it's Uncategorized.
But when I click the "-" under Categories, I get sites like google, msn, blackberry, and ibm.
I am sure these sites are not Uncategorized.
When you put entries in the Global Whitelist rules at the top of the rule sets with a Stop Cycle, the URL does not fall into any rules that check for URL.Categories and then it doesn't assign a category to that URL in the logs.
One thing you can do is have the logs categorize on input in Web Reporter. It will look up all the ones that don't have values.
Another thing that might occur is if you are doing proxy authentication. The embryonic 407 entries don't have categories assigned to them yet, but they still have log entries.
You can exclude the logging of 407 by putting a rule into the log handler that says 'Response.StatusCode does not equal 407'
This makes sense. Thanks!
Could you give a little more detail on how to "have the logs categorize on input in Web Reporter"?
In Web Reporter, go into Administration>Options>Categorizations and enter the Web Reporter Serial Number and download the TrustedSource database.
Then on the Log Source itself, edit the Log Source>Processing and select the options for Include Categories from TrustedSource Web Database and the Reputation option below it.
That should try to categorize anything that has a blank category against the currently downloaded database in reporter.
Thanks for the suggestion. This problem was actually fixed when I upgraded to the new version 5.1.1.01
Now I only see the "-" under Malware and Protection Areas. What does the "-" mean under these areas?
In essence, those are entries that do not contain malware. That's probably almost all entries, and throws off the scale of charts.
I apply a filter for Malware name
To get them to display better on the quick views, I put a filter for non-blank malware names.
For Advanced Reports, I put an exclude in the query:
I've used the Response.StatusCode does not equal 407 to clean up my access logs and it's working great. Subsequently, I created another log handler to log auth failures using Response code equals 407. It is sitting after the Access Log handler. The access logs were previously littered with 407 status codes. Now I know the 407 response code is a normal part of the procedure when the WG challenges a client for authorization. I'm not looking to log those requests... just looking to log true authentication problems. I'm not getting any logs yet and I'm not sure if it's due to having zero auth issues currently or if I'm approaching this the wrong way. Could you advise?
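Added example, not part of the thread and not Web Gateway code: one way to separate the normal 407 challenges discussed above from clients that never complete authentication, by post-processing exported log lines. The log layout, the `unresolved_challenges` name and the threshold of 3 are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample lines: "<time> <client_ip> <user> <status> <url>".
# This layout is an assumption for the example, not Web Gateway's log format.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 - 407 http://example.com/
10:00:01 10.0.0.5 - 407 http://example.com/
10:00:02 10.0.0.5 alice 200 http://example.com/
10:00:05 10.0.0.9 - 407 http://example.org/
10:00:06 10.0.0.9 - 407 http://example.org/
10:00:07 10.0.0.9 - 407 http://example.org/
10:00:08 10.0.0.9 - 407 http://example.org/
10:00:09 10.0.0.7 - 407 http://example.net/
10:00:10 10.0.0.7 bob 200 http://example.net/
"""


def parse_line(line):
    """Split one log line into (client_ip, status); None if malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    return parts[1], int(parts[3])


def unresolved_challenges(log_text, threshold=3):
    """Return {client_ip: count} for clients whose latest run of 407s
    reached the threshold and was never followed by a non-407 response."""
    streak = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip blank or malformed lines
        client, status = parsed
        if status == 407:
            streak[client] += 1  # another challenge with no answer yet
        else:
            streak[client] = 0   # proxy stopped challenging; reset the run
    return {c: n for c, n in streak.items() if n >= threshold}


if __name__ == "__main__":
    print(unresolved_challenges(SAMPLE_LOG))
```

A challenge that is answered on the next request resets the client's count, so only clients that keep receiving 407 with no follow-up response are reported.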