Symantec Reporter (previously known as Blue Coat Reporter) processes the access logs uploaded from ProxySG and ASG appliances. While the managing of Databases is fairly clear in Reporter, it is not immediately obvious how the software or appliance handles the access logs used to build this database. This article will cover three common questions in detail regarding how the access logs are handled.
Can Reporter Manage my access logs?
Can Reporter delete my old access logs?
Can Reporter expire old access logs like it can expire old database data?
All versions of Reporter will not manage access logs in a simi liar manager as it can data in the database. Meaning, if Reporter is configured to expire database data every day and it will only keep 30 days worth of data in the database, Reporter will not do the same for the access logs.
Examples: If the Reporter server has been running for 60 days, and there are 60 days worth of raw access logs, and the database is configured to only keep 30 days of data, the 60 days worth of access logs will stay but the Reporter database will only have 30 days worth of data. If the Reporter server has been running for one year and has one year's worth of access logs, but the database is configured to only keep 30 days worth of data in the database, all the access logs for the past year will remain but only 30 days worth of data will be in the Reporter database.
Here is a list of each upload method and what these upload methods do with access logs once they have been processed.
|Access log upload method||Access log file action (post processing action)|
|ProxySG upload||Once the file has been successfully uploaded the access log is deleted.|
|FTP Server Source||The file is read from the FTP source. No other processing is done.|
|Local File Source||1.) The access log can be renamed (append .done to the filename)
2.) Move the processed log to a different folder on the computer.
3.) Delete the log file after it has been successfully added
If the Reporter server is not using a method which deletes the access log (such as the direct ProxySG upload method), the access logs will remain on the file system. So a script or batch file will need to be created and periodically run that will delete the old, unwanted access logs stored on the local file system or on the remote FTP server.
NOTE1: If your access logs are stored on a Windows 2003 or Windows 2008 server, please see TECH241790 for information on the forfiles.exe command and how it can help you manage your access log files.
NOTE2: For details on the exact fields that Reporter expects in the access log, see TECH244752