08-06-2021 07:26 AM - edited 08-08-2021 11:35 PM
Hello,
We have observed the following:
“It has been identified that the following Cisco Ironport device has wrong log formatting:
drwsasrv01 @ x.x.x.x
More specifically, the user agent and the username are not enclosed in quotes.
<14>Mar 23 17:07:09 x.x.x.x IRONPORT_SYSLOG: Info: x.x.x.x 54989 x.x.x.x 443 2021-03-23 15:07:09 CONNECT tunnel://select-d.openx.net:443/ 2 200 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 select-d.openx.net 231 - 39 - NONAME\NONAME@AD <"IW_busi",5.0,1,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,"IW_busi",-,"-","Business and Industry","-","Unknown","Unknown","-","-",1.34,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-",-> DECRYPT_WBRS_7-NONAME_VPN_decryption-AD_Profile-NONE-NONE-NONE-DefaultGroup-NONE -
Furthermore, it was also identified that the "proxy referer" is not logged on this device.”
Have you any idea what we should troubleshoot first?
Thanks
08-07-2021 09:29 AM
anyone?
10-19-2021 04:46 AM
Hello @spacemeb
Still experiencing the problem? Does it apply to all log events or only to a small part?
05-17-2022 04:30 PM
If the issue is still there:
[1] Kindly advise whether you are viewing these logs from the Syslog server or WSA CLI > grep.
[2] Is this issue for all access logs or some of them?
[3] Please let us know whether Anonymization is checked in the Access log or not.