Using Smartfilter, and Squid access logs, I don't see a category.

Solutions ID:    KB3752
Version:    5.0
Status:    Published
Published date:    03/29/2010
Updated:    09/15/2010
 

Problem Description

When I run a policy trace, I am seeing a category in each transaction (by Smartfilter). However, the access log, which is configured for the squid format, doesn't contain a category. Can you explain why?

What fields does a squid access log contain?

Does a squid access log contain a field for category?

Can I use a squid access log, and expect Bluecoat Reporter to process it properly?

Resolution

Bluecoat Reporter is not designed to process Squid access logs. The format of a Squid access log does not contain a category field; hence, while the SG policy finds a category for each website, there is no field for category in this access log. For more information on the access log fields, please see this wiki page: Squid log files.

Here's an example of a policy that is configured for the Squid log format. The log is called CIFS, which is only the name, but the access log type is squid, as the format-name squid line in its edit log cifs block shows.

!- BEGIN access_logging
access-log  ;mode
enable
max-log-size 65000
overflow-policy delete
early-upload 55000
edit log main ;mode
format-name squid
ftp-client primary host 1.1.2.6 2
ftp-client primary path "/"
ftp-client primary username jnoname
ftp-client primary encrypted-password "** Password suppressed **"
ftp-client pasv no
client-type ftp
early-upload 60000
remote-size 65000
connect-wait-time 900
periodic-upload upload-interval daily 4
exit
edit log streaming ;mode
early-upload 45000
exit
edit log ssl ;mode
format-name squid
early-upload 60000
remote-size 65000
exit
edit log cifs ;mode
format-name squid
early-upload 60000
remote-size 65000
exit
edit log mapi ;mode
early-upload 45000
exit
edit log im ;mode
early-upload 45000
exit
edit log p2p ;mode
early-upload 45000
exit
exit
!- END access_logging

NOTE: For a Bluecoat Reporter solution we suggest you process access logs that conform to the MAIN type format and not use squid (FAQ282). Often an access log may be called Main but is configured to use another access log type, such as squid, so be sure you are confirming the Access Log Type, as per this article, and not merely the name.
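
One way to check the access log type rather than the name, as an added example that is not part of the original article or Blue Coat's own tooling. It assumes the access_logging section has been saved as text in the shape shown above; the function names are hypothetical and the sample is a constructed, abridged copy of that excerpt.

```python
import re

# Constructed sample, abridged from the configuration excerpt in this article.
SAMPLE_CONFIG = """\
!- BEGIN access_logging
access-log  ;mode
edit log main ;mode
format-name squid
exit
edit log streaming ;mode
early-upload 45000
exit
edit log cifs ;mode
format-name squid
exit
exit
!- END access_logging
"""

EDIT_LOG = re.compile(r"^edit log (\S+)")
FORMAT_NAME = re.compile(r"^format-name (\S+)")


def log_formats(config_text):
    """Map each 'edit log <name>' block to its format-name (None if not set)."""
    formats, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := EDIT_LOG.match(line):
            current = m.group(1)
            formats[current] = None       # no format-name seen yet in this block
        elif line == "exit":
            current = None                # leaves the log block (or the section)
        elif current and (m := FORMAT_NAME.match(line)):
            formats[current] = m.group(1)
    return formats


def logs_without_category(config_text, formats_lacking_category=("squid",)):
    """Names of logs whose explicit format has no category field (squid, per this article)."""
    return sorted(name for name, fmt in log_formats(config_text).items()
                  if fmt in formats_lacking_category)


if __name__ == "__main__":
    for name, fmt in log_formats(SAMPLE_CONFIG).items():
        print(f"{name:10} format-name={fmt or '(not set in this config)'}")
    print("no category field:", logs_without_category(SAMPLE_CONFIG))
```

Logs with no format-name line are reported as not set rather than guessed, since the excerpt does not state which format they fall back to.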

