Using Smartfilter, and Squid access logs, I don't see a category.

Solution

Overview

When I run a policy trace, I see a category in each transaction (by SmartFilter). However, the access log, which is configured for the squid format, doesn't contain a category. Can you explain why?

What fields does a squid access log contain?

Does a squid access log contain a field for category?

Can I use a squid access log, and expect Bluecoat Reporter to process it properly?

Cause
Resolution

Blue Coat Reporter is not designed to process Squid access logs. The Squid access log format does not contain a category field, so while the SG policy finds a category for each website, there is no field in this access log to record it. For more information on the access log fields, please see the wiki page "Squid log files".

Here's an example of a policy that is configured for the Squid log format. The log is called CIFS, which is only its name; the access log type is squid, as set by its format-name line.

!- BEGIN access_logging
access-log  ;mode
enable
max-log-size 65000
overflow-policy delete
early-upload 55000
edit log main ;mode
format-name squid
ftp-client primary host 1.1.2.6 2
ftp-client primary path "/"
ftp-client primary username jnoname
ftp-client primary encrypted-password "** Password suppressed **"
ftp-client pasv no
client-type ftp
early-upload 60000
remote-size 65000
connect-wait-time 900
periodic-upload upload-interval daily 4
exit
edit log streaming ;mode
early-upload 45000
exit
edit log ssl ;mode
format-name squid
early-upload 60000
remote-size 65000
exit
edit log cifs ;mode
format-name squid
early-upload 60000
remote-size 65000
exit
edit log mapi ;mode
early-upload 45000
exit
edit log im ;mode
early-upload 45000
exit
edit log p2p ;mode
early-upload 45000
exit
exit
!- END access_logging

NOTE: For a Blue Coat Reporter solution, we suggest you process access logs that conform to the MAIN type format and not use squid. Often an access log may be called Main but is configured to use another access log type, such as squid, so be sure you are confirming the Access Log Type, as per this article, and not merely the name.
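One way to confirm the access log type rather than the log name, as an added example (not Blue Coat code): the script below reads a configuration block in the layout shown above and reports the format-name set for each log. The sample text is constructed, and the function names are assumptions made for this example.

```python
import re

# Constructed sample, in the same layout as the access_logging block above.
SAMPLE_CONFIG = """\
!- BEGIN access_logging
access-log ;mode
enable
edit log main ;mode
format-name squid
client-type ftp
exit
edit log streaming ;mode
early-upload 45000
exit
edit log cifs ;mode
format-name squid
exit
exit
!- END access_logging
"""

EDIT_LOG = re.compile(r"^edit log (\S+)")
FORMAT_NAME = re.compile(r"^format-name (\S+)")

def log_formats(config_text):
    """Map each log name to its format-name, or None if its block sets none."""
    formats, current = {}, None
    for raw in config_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop the trailing ";mode" marker
        started = EDIT_LOG.match(line)
        if started:
            current = started.group(1)
            formats[current] = None
        elif current is not None and line == "exit":
            current = None                   # end of this log's block
        elif current is not None:
            fmt = FORMAT_NAME.match(line)
            if fmt:
                formats[current] = fmt.group(1)
    return formats

def logs_without_category(config_text, no_category_formats=("squid",)):
    """Names of logs whose configured format has no category field."""
    found = log_formats(config_text)
    return sorted(n for n, f in found.items() if f in no_category_formats)

if __name__ == "__main__":
    for name, fmt in log_formats(SAMPLE_CONFIG).items():
        print(f"{name}: {fmt or 'no format-name in this block'}")
    print("no category field:", logs_without_category(SAMPLE_CONFIG))
```

A log reported with no format-name in its block is not classified here; check its access log type on the appliance before sending it to Reporter.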

InQuira Doc Id: KB3752