I currently have a dilemma.
The MWG we are running produces roughly 2 GB of 'access.log' per day, per site (2 sites).
Currently, we rotate the access.log daily and push it on rotation to CSR (at 30-minute intervals per site so as to avoid overwhelming CSR).
We have a need for CSR to be updated more often so that the web stats in ePO dashboards reflect what is going on more precisely than only once a day.
I was thinking of setting the "Auto Pushing" to "Push Interval 1 hour" while keeping the "Auto Rotation" at "Daily rotation time 00:00" but that does not work. The push never happens until the access.log file is actually rotated.
I could set the 'Auto Rotation' to every 1 hour, but I would ideally like to keep 1 'access.log' file per day (it just makes it easier to troubleshoot when a user calls and says I tried doing 'xyz' today and it didn't work, they rarely remember the time at which they had the problem so having hourly 'access.log' files makes it a bit more tedious to find their specific access event).
Is there any other way to accomplish what I'm looking for? (Use CSR as syslog maybe?)
Message was edited by: malware-alerts on 7/14/14 1:51:01 PM CDT
You're exactly right. Only rotated log files are pushed. The push script keeps track of file names that are pushed; it cannot keep track of blocks of time per log file that have been pushed.
Syslog is a perfect solution to get real-time data in CSR. https://community.mcafee.com/docs/DOC-5206