The reports that show virus activity are empty.
The "Potential Threats" report shows no viral activity.
The "ProxyAV Mal ware Detected" report shows no viral activity.
The "Potential Malware infected Clients" Report is empty.
Reports are not declaring virus related activity, in Reporter.
For Reporter to report on viruses on your network, it needs to have first detected evidence of such in the access logs, it processes through. This article suggests two ways you can troubleshoot why you may not be seeing virus activity in your reports.
Checking your access logs:
To check you access log to see if it's registered any virus activity , follow these steps:
Watching a test virus being detected by your SG:
To conduct a live troubleshooting trial or a test virus, on a SG, follow these steps.
CPL policy needed to write to the SG access log:
If you find that the PRoxy SG is not writing out the name of the virus to the access logs, you should check to see if this CPL code is configured.
Here is the CPL code the customer used.
define Cache policy avscan
NOTE1: If the (x-virus-id) is a – then the ProxySG is not writing out to the access log, viruses that it finds, or configured appropriately for a PROXY AV. This article can help you verify if the your two appliances- Proxy AV and the Proxy SG - are setup properly - PROXY AV
NOTE2: For information on the proper access log fields, needed for Bluecoat Reporter, see FAQ282
NOTE3: For more information on how Viruses are detected, and reported in the access log, see KB3967
Rate this Page
Please take a moment to complete this form to help us better serve you.