WSA S170 - does web tracking function get data from access logs?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2015 03:16 AM
Hi,
Got a pretty basic question, we have had to clear some logs down on our WSA S170, mainly the access logs (which we have backed up), I've noticed it's currently set to roll over every 10GB and is limited to 10 files, I was wondering when we run web tracking does it use these logs to collect the data? or refers to somewhere else. 10GB of data is roughly a months worth of web access traffic for us.
Regards,
Ross
- Labels:
-
Web Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2015 05:38 AM
Are you using the Security Management Appliance (SMA) to run web tracking reports? If so they collect their own data from the accesslogs and build the tracking and reporting reports. Yes the reports and tracking data on box use the accesslogs to build the historical reports. Best practice as you've noted is always to backup/archive your accesslogs to an external server via SCP. You might want to decrease the rollover size and frequency to make those files more manageable for searching offbox, running a grep against a 10GB file could take some time. - Tom
