Count the total number of scans that have been initiated beyond the 90 days on the dashboard

Article ID: 266933

Products

Protection Engine for NAS, Protection Engine for Cloud Services

Issue/Introduction

While viewing the dashboard of the Java-based UI or web central console, you seek a count of the total number of scans that have been initiated beyond the 90 days on the dashboard.

 

Environment

Release : 8.2.2

Resolution

NOTE: The steps below are targeted for a SPE installed on Windows where the SPE has Insight file reputation lookup enabled.
NOTE: The filename SSE20230523.log is an example. Other filenames in the format SSEYYYYMMDD.log should also work so long as they are present in the folder at the time the queries are executed.

- To count the number of successful scans at the cmd CLI
   First, navigate to the log folder of SPE at the cmd prompt. By default, this is:
   cd "C:\Program Files\Symantec\Scan Engine\log"

   Within this folder, to get a count of the number of successful scans on a given day, type: 
   find "|" SSE20230523.log | find /v  "AGENT_INFO" | find /v "LiveUpdate" | find /c "|0|2|5|3|"

   Expected output: a non-zero number

- To see the unsuccessful scans, type: 
  find "|" SSE20230523.log | find /v  "AGENT_INFO" | find /v "LiveUpdate" | find /v "|0|2|5|3|"

  NOTE: If you're not used to looking at the SPE logs in raw format, you may want to use the logconverter utility as described in KB 164643:
        https://knowledge.broadcom.com/external/article?articleId=164643  


To change how far back you search, change the filename using DOS wildcard syntax. Here's an example: 
  find "|" SSE2023052?.log | find /v  "AGENT_INFO" | find /v "LiveUpdate" | find /c "|0|2|5|3|" 

  ... would count successful scans from 2023-05-20 to 2023-05-29 (or the current date if today is not yet 2023-05-30)



Comparable queries at the Linux bash prompt include:

grep "|" SSE20230523.log | grep -v  "AGENT_INFO" | grep -v "LiveUpdate" | grep -c "|0|2|5|3|"

grep "|" SSE20230523.log | grep -v  "AGENT_INFO" | grep -v "LiveUpdate" | grep -v "|0|2|5|3|"

 

Additional Information

Why are there no log entries for clean scans in my logs?

By default, SPE is set to logging level 3, "Warning", for local logging. CLEAN scan results are logged starting at level 5, VERBOSE. For more info, please see:
https://knowledge.broadcom.com/external/article?articleId=159007 

Where are the rest of my logs?

By default, SPE retains all logs. However, if local SPE administrators have set LogLocal to a number of days, then SPE will only retain that many days' worth of log files, and will remove any additional files during the daily logrotate procedure. So, if this value is set to 10, and you want to query logs to a maximum of 365 days, this value must be changed. For details, see: 

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/9-0-0/Core-server-only-mode/changing-the-number-of-log-file-to-be-maintained-i-v128493365-d4995e22911.html 

How do I perform queries with custom ranges?

If using wildcards in the target filename is not granular enough, then copy the files for the days you seek to query into a subfolder, then cd into that folder and run the find or grep query in that folder.
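
As an added example (not part of the original article and not Broadcom code), the following script for the Linux bash prompt applies the article's grep filter to every SSEYYYYMMDD.log whose date falls in an inclusive range, so no files need to be copied. The function names count_scans_in_range and make_sample_logs are hypothetical, and the sample log lines are constructed placeholders, not real SPE log entries.

```shell
# Added example: count successful scans over an inclusive date range.
# Usage: count_scans_in_range LOGDIR START END   (dates as YYYYMMDD)
# Prints one "DAY COUNT" line per file to stderr and the total to stdout.
count_scans_in_range() (
    dir=$1; start=$2; end=$3; total=0
    for f in "$dir"/SSE????????.log; do
        [ -e "$f" ] || continue                  # glob matched nothing
        day=${f##*/SSE}; day=${day%.log}         # keep only YYYYMMDD
        case $day in *[!0-9]*) continue ;; esac  # skip non-date names
        if [ "$day" -ge "$start" ] && [ "$day" -le "$end" ]; then
            # Same filter as the article's query; "|| true" because
            # grep -c exits non-zero when the count is 0.
            n=$(grep "|" "$f" | grep -v "AGENT_INFO" | grep -v "LiveUpdate" \
                | grep -c "|0|2|5|3|" || true)
            printf '%s %s\n' "$day" "$n" >&2
            total=$((total + n))
        fi
    done
    printf '%s\n' "$total"
)

# Constructed sample input (placeholder lines, not the real SPE log format).
make_sample_logs() {
    printf '%s\n' 'constructed|0|2|5|3|a' > "$1/SSE20230519.log"
    printf '%s\n' 'constructed|0|2|5|3|b' 'constructed|0|2|5|3|c' \
        'AGENT_INFO|0|2|5|3|x' 'constructed|1|9|9|9|d' > "$1/SSE20230520.log"
    printf '%s\n' 'constructed|0|2|5|3|e' \
        'LiveUpdate|0|2|5|3|y' > "$1/SSE20230523.log"
    printf '%s\n' 'constructed|0|2|5|3|f' 'constructed|0|2|5|3|g' \
        'constructed|0|2|5|3|h' > "$1/SSE20230601.log"
}

# Demo on the constructed files: only 20230520 and 20230523 are in range.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
count_scans_in_range "$demo_dir" 20230520 20230529
rm -rf "$demo_dir"
```

Against a real installation, pass the SPE log folder as the first argument; the result only covers days whose log files are still retained.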


What do these errors in the logs mean?

While working with the SPE logs, if you find an error code pair you are not able to interpret, please see the following KB: 

https://knowledge.broadcom.com/external/article?articleId=177633