An Audit Datasource is configured to accept logs from the on-prem proxy (Edge SWG / ProxySG). The files are uploaded as expected, but the SpanVA logs show that the log file does not contain any recognizable logs.
SpanVA logs show events similar to this:
2024-09-11 18:41:31,406 - datasource_watcher - DEBUG - Found new file for datasource: <Datasource Name>. File name: <filename> Size: <size> MB Upload time: <time>
2024-09-11 18:41:32,412 - datasource_watcher - DEBUG - No log files found in the compressed archive : <file location>
Audit Datasource of Proxy type is configured with SCP uploads to SpanVA.
The original access log file generated by the Edge SWG begins with a header section that lists important information about the file, written in this format:
#Software: SGOS x.x.x
#Version: 1.0
#Date: 2024-01-01 11:59:59
#Fields: date time cs-ip…
Audit expects these fields in order to parse the data correctly. This section is required, and removing it from the log file leads to the error.
To fix the issue, keep those fields at the top of the access log file.
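A pre-upload check for the header section described above, as an added example that is not part of the original article and is not SpanVA's own parsing logic. The function names are hypothetical, and treating all four directives from the sample header as mandatory is an assumption.

```python
import gzip
import sys

# Directives from the article's sample header. Treating all four as
# mandatory is an assumption of this example, not documented SpanVA logic.
REQUIRED = ("#Software:", "#Version:", "#Date:", "#Fields:")

# Constructed sample: the article's header plus one made-up data row.
SAMPLE = (b"#Software: SGOS x.x.x\n#Version: 1.0\n"
          b"#Date: 2024-01-01 11:59:59\n#Fields: date time cs-ip\n"
          b"2024-01-01 11:59:59 192.0.2.10\n")


def missing_directives(lines):
    """Return required directives absent from the leading '#' block.

    `lines` is an iterable of bytes lines. Scanning stops at the first
    data row, so directives that appear later in the file do not count.
    """
    seen = set()
    for raw in lines:
        line = raw.decode("utf-8-sig", errors="replace").strip()
        if not line:
            continue
        if not line.startswith("#"):
            break
        seen.update(d for d in REQUIRED if line.startswith(d))
    return [d for d in REQUIRED if d not in seen]


def check_file(path):
    """Check a plain or gzip-compressed access log without loading it all."""
    with open(path, "rb") as fh:
        is_gzip = fh.read(2) == b"\x1f\x8b"
    with (gzip.open if is_gzip else open)(path, "rb") as fh:
        return missing_directives(fh)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("sample:", missing_directives(SAMPLE.splitlines()) or "header OK")
    failed = False
    for path in sys.argv[1:]:
        missing = check_file(path)
        failed |= bool(missing)
        print(path, "missing " + " ".join(missing) if missing else "header OK")
    sys.exit(1 if failed else 0)
```

Run it against the files staged for SCP upload; a non-zero exit status means at least one file has lost part of its header.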