New bcreporterwarp_v1_user log format after upgrade to SGOS 6.5.9.10
Article ID: 169218
Updated On:
Products
Asset Management Solution
Data Center Security Monitoring Edition
ProxySG Software - SGOS
Issue/Introduction
After upgrading SGOS from 6.5.5.7 to 6.5.9.10, the ProxySG appliance automatically adds new log format bcreporterwarp_v1_user to the SysInfo file. For example, the file shows:
create format "bcreporterwarp_v1_user"
edit format bcreporterwarp_v1_user ;mode
type elff "date time time-taken c-ip cs-username cs-auth-group x-exception-id cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-cs-client-ip-country x-risk-category x-risk-score x-user-x509-serial-number x-user-x509-subject rs-bytes x-cs-client-effective-ip x-cs-client-effective-ip-country cs(X-Forwarded-For) rs-service-time-taken r-ip"
exit
create format "bcreporterwarp_v1_user"
edit format bcreporterwarp_v1_user ;mode
type elff "date time time-taken c-ip cs-username cs-auth-group x-exception-id cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-cs-client-ip-country x-risk-category x-risk-score x-user-x509-serial-number x-user-x509-subject rs-bytes x-cs-client-effective-ip x-cs-client-effective-ip-country cs(X-Forwarded-For) rs-service-time-taken r-ip"
exit
Cause
The ProxySG appliance can detect format name collisions. In SGOS 6.5.9.10, the new field x-bluecoat-transaction-uuid exists in the bcreporterwarp_v1 log format After upgrading to SGOS 6.5.9.10, the appliance detects duplicate access log format names during the boot process and creates bcreporterwarp_v1_user to prevent a name collision.
Feedback
Powered by
