Sawmill 7.3.1 DB rebuild fails due to corrupt date fields

fanheuser_ironport — Wed, 28 Oct 2009 18:08:00 GMT

Hi all,

anybody able to help? My new Sawmill 7.3.1 installation (Windows x86) fails to rebuild the database. It never worked, the "background process stopped unexpectedly". Logs are default standard Squid format access logs from a S160 (v5.6.6). Profile is standard "HR" with the log format automatically recognized by Sawmill. "Sec Ops" profile yields the same errors.

When performing a command-line rebuild with debug outputs, it looks like on none of the log entries the date/time can be recognized (same error for all records).

[t2]: [p]: Processing line: [t2]: 1255880992.122 0 10.70.10.18 TCP_DENIED/407 242 HEAD http://osce8-p.activeupdate.trendmicro.com/activeupdate/ini_xml.zip - NONE/- - OTHER-NONE <Comp,-,-,-,-,-,-,-,-,-,-,-,-> -
[t2]: [p]: Got log token[t2]: '1255880992.122' (index=1, subindex=1)
[t2]: [p]: Got normalized date from date field: {corrupt}
[t2]: [p]: Got normalized time from time field: {corrupt}

The log entry reads
1255880992.122 0 10.70.10.18 TCP_DENIED/407 242 HEAD http://osce8-p.activeupdate.trendmicro.com/activeupdate/ini_xml.zip - NONE/- - OTHER-NONE <Comp,-,-,-,-,-,-,-,-,-,-,-,-> -

How can the log data be imported successfully? Do I need to change the access log file format on the S160?

Any help will be appreciated.

Kind regards

Frederik

Solved: Sawmill 7.3.1 DB rebuild fails

fanheuser_ironport — Wed, 28 Oct 2009 22:16:06 GMT

Hi all,

the problem has been solved: the log files got corrupted during transfer from the WSA to the Sawmill server. With uncorrupted logfiles, database rebuild worked as expected.

Hooray!

Frederik

topic Sawmill 7.3.1 DB rebuild fails due to corrupt date fields in Web Security

Sawmill 7.3.1 DB rebuild fails due to corrupt date fields

Solved: Sawmill 7.3.1 DB rebuild fails