New bcreporterwarp_v1_user log format after upgrade to SGOS 6.5.9.10

Article ID: 169218

Products

Asset Management Solution, Data Center Security Monitoring Edition, ProxySG Software - SGOS

Issue/Introduction

After upgrading SGOS from 6.5.5.7 to 6.5.9.10, the ProxySG appliance automatically adds a new log format, bcreporterwarp_v1_user, to the SysInfo file. For example, the file shows:

create format "bcreporterwarp_v1_user"
edit format bcreporterwarp_v1_user ;mode
type elff "date time time-taken c-ip cs-username cs-auth-group x-exception-id cs(Referer)  sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-cs-client-ip-country x-risk-category x-risk-score x-user-x509-serial-number x-user-x509-subject rs-bytes x-cs-client-effective-ip x-cs-client-effective-ip-country cs(X-Forwarded-For) rs-service-time-taken r-ip"
exit

 

Cause

The ProxySG appliance can detect format name collisions. In SGOS 6.5.9.10, the bcreporterwarp_v1 log format contains the new field x-bluecoat-transaction-uuid. After upgrading to SGOS 6.5.9.10, the appliance detects duplicate access log format names during the boot process and creates bcreporterwarp_v1_user to prevent a name collision.
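
Because downstream log parsers usually read access log fields by column position, it helps to confirm how the two formats differ after the upgrade. The following is an added example, not Broadcom code: it parses format blocks from a SysInfo excerpt and compares each *_user format with its base format. The sample excerpt is constructed; its field lists are shortened, and the bcreporterwarp_v1 block and the position of x-bluecoat-transaction-uuid in it are assumptions.

```python
import re

# Constructed SysInfo excerpt (assumption). The _user field list is a shortened
# form of the one in this article; the bcreporterwarp_v1 block and the position
# of x-bluecoat-transaction-uuid in it are assumed for illustration only.
SAMPLE_SYSINFO = '''\
create format "bcreporterwarp_v1_user"
edit format bcreporterwarp_v1_user ;mode
type elff "date time time-taken c-ip cs-username cs(Referer)  sc-status cs(User-Agent) r-ip"
exit
create format "bcreporterwarp_v1"
edit format bcreporterwarp_v1 ;mode
type elff "date time time-taken c-ip cs-username cs(Referer)  sc-status cs(User-Agent) r-ip x-bluecoat-transaction-uuid"
exit
'''

EDIT_RE = re.compile(r'^edit format (\S+)')
TYPE_RE = re.compile(r'^type elff "([^"]*)"')


def parse_formats(sysinfo_text):
    """Return {format_name: [field, ...]} for every ELFF format block."""
    formats, current = {}, None
    for raw in sysinfo_text.splitlines():
        line = raw.strip()
        edit, elff = EDIT_RE.match(line), TYPE_RE.match(line)
        if edit:
            current = edit.group(1)
        elif elff and current:
            # split() with no argument tolerates the double spaces seen in SysInfo
            formats[current] = elff.group(1).split()
        elif line == "exit":
            current = None
    return formats


def collision_report(formats, suffix="_user"):
    """Compare each <name>_user format with <name>, if both are defined."""
    report = {}
    for name, user in formats.items():
        base_name = name[:-len(suffix)] if name.endswith(suffix) else None
        if not base_name or base_name not in formats:
            continue
        base = formats[base_name]
        pairs = enumerate(zip(user, base))
        # First column index where positional parsing of the two formats differs
        diverge = next((i for i, (a, b) in pairs if a != b), min(len(user), len(base)))
        report[name] = {
            "only_in_base": [f for f in base if f not in user],
            "only_in_user": [f for f in user if f not in base],
            "first_divergent_column": diverge,
        }
    return report


if __name__ == "__main__":
    print(collision_report(parse_formats(SAMPLE_SYSINFO)))
```
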