search cancel

Downloading and controlling the logs files


Article ID: 171420


Updated On:


Cloud Secure Web Gateway - Cloud SWG


As the Symantec Web Security Service processes web traffic requests and transactions, it stores the hourly access logs in the service. The services allow you to download these raw log files as zip files that contain selected one-hour log files or daily log files that contain all 24 one-hour log files. There are two use cases for this:

  • For the Web Security Service, the logs are retained for 100 days in the reporting database. When this milestone is reached, the Web Security Service begins deleting log file data on a daily basis, beginning with the first day registered. Download the logs for your own archiving purposes.
  • You use the Symantec Reporter product and you want to use it to reprocess specific logs. You must use Symantec Reporter 9.x Enterprise Edition or Symantec Reporter 10.1.5.

The log files are aggregates of all configured locations that feed into the Web Security Service.

Depending on the product, the Symantec Web Security Service retains accumulated access log and report database data that spans a finite number of days or years.

  • Web Security: 100 days.
  • Hosted Reporting: 1 year.

You might have a personal concern or a corporate edict on how long user data should remain in the cloud. The Web Security Service allows you set a limit for how long stored data remains in the reporting database.


Download Raw Access Log FilesOpen

  1. In Service Mode, select Reporting > Log Download.

  1. By default, the portal lists the log files by Day in the order that the service receives them beginning with the oldest date (in UTC). To view more selectable days, click the arrow keys in the footer.
  2. If necessary, select a Date Filter (select the Start Date and End Date, which correspond to the date range of the received logs, not necessarily the dates of the actual Web transactions).

  1. (Optional) Change the view by selecting Hour from the Type drop-down.

  1. Select the files on displays pages; you cannot select files across multiple pages.  Click Download.

  1. Given your browser vendor, the zip download/open dialog displays or the zip download displays (for example, in Chrome). Save the File to a staging or archive server or directly to the Reporter 9.x server or 10.1.5+ appliance if needed.





Specify Access Log Retention Duration

  1. In Service Mode; select Reporting > Log Controls.

  1. Move the slider to adjust the retention limit. (The initial value varies—100 days to 1 year—depends on the Web Security Service product).

  1. As you move the slider, the Log Retention Time fields (the Log Retention Time field and the field hovering over the slider) display the limits.
  2. When you are satisfied with the limit, click Save.

  1. For a verification mechanism, the portal displays the Delete Access Logs dialog.  The dialog reminds you of the log download best practice mentioned above. The dialog also indicates how many days of data the service will delete if you enact the limit. To enact the limit, you must enter the word DELETE in the field and click DELETE. If you enter any other characters and click DELETE, the service does not enact the limit.  As stated on the screen, the service might require up to 24 hours to adjust to the new limit.

  1. The Reset link on the page moves the limit to the previously set limit before you click Save. To restore the service default, move the slider fully to the right.



  1. Default Log Control: All traffic through the Web Security Service will be logged based on the Default Logging Control unless it is overridden by a stricter privacy level in the Granular Log Controls section.

  1. Granular Log Controls: If traffic matches more than one privacy level, the strictest privacy level will be applied.
  • Click on Add Bottom.Choose a Privacy Level to apply to the items being added.