Jan 4, 2013 1:51 AM
There are 6 proxies configured in network out of which one is dedicated only for remote users using MCP. Access logs of all these proxies goes to a central db server. From there it comes to web reporter for analysis. There is a single log source configured on Web Reporter. User group details of MCP users is extracted via LDAP query before group based policy. I want to extract number of users coming on proxy (daily count with user details) dedicated to MCP users. how can this be achieved? Please advice!
You should separate the logs from each proxy appliance at your central DB server. Then in Web Reporter, create a log source for each proxy. Then you can filter your report results based on log source. That is the best way.
On a side note, you will have scaling issues by running multiple appliances into a single log source. The problem is due to how the summary data is cached. If data isn't loaded sequentially, the time it takes to load data into the cache can increase. There are a few other conditions that need to be met before you would see trouble, but it is still best practice to avoid this scenario.
You are not likely in an immediate danger, so I don't want to make you panic, but perhaps this is something you should consider.
If you do not separate log sources, the only other method I can think of is to log some distinct value in the access logs to idenitfy the proxies, such as their host name. Then on your log source you import that into a user-defined column. Then you could filter reports based on that user-defined column. However, there are several negative points with this method.
1) User-defined columns require a premium reporting license and doesn't come.
2) User-defined columns are only available for detailed data. If you are not storing it, you would need to start.
3) Detailed data is approximately 10x larger than summary data so reports run slower
4) You would be making your access logs a little larger and recording something that really shouldn't be necessary
5) You cannot use quick-view to report on user-defined columns
6) To filter reports based on user-defined columns, you need to do it at the query level, which is a little deep in the config, and not so obvious.
I would prefer to use different log source for each proxy because of its advantages you explained. The problem is how to create seperate log source for each proxy. All the proxies are in cluster so i think the configuration at one proxy would sync with rest of the proxies in cluster. What do you usually recommend is such cases?
You use %h to be substituted for System.HostName
If you are pushing to web reporter, create an an account for each proxy using the host name of the proxy (proxy1, proxy2, proxy3, etc.).
You will have to use the same password for all of them because that does sync across all the proxies.
Then on the Access log push setting, use the %h as the username.
You can also do something similar if you are FTPing to a archive server, just push the logs to a different folder:
In my case, %h will equal mwg7:
Message was edited by: eelsasser on 1/7/13 2:02:28 AM EST
Message was edited by: eelsasser on 1/7/13 2:02:46 AM EST
Or push directly to Web Reporter, then set the post-processing to FTP the logs to the archive server. Side affect is that the file names will have some added numbers. The next version of Web Reporter, 5.2.1, will retain the original file names. It's going to be released reall soon.