Screencasts - Hilfsvideos

How to excluded logs after collect (Used this Cisco IronPort Web Security)

Created: 04 Jan. 2013 • Aktualisiert: 10 Jan. 2013 | 5 Kommentare
Dieses Problem wurde gelöst. Siehe Lösung.

Hi people,

I configured the collector Cisco IronPort Web Security for excluded archives after collected.

This option delete after processing, but is not function.

Ideas.

Thanks,.

Kommentare KommentareZum neuesten Kommentar

das Bild der Laurent_cs

If I understood correctly what you want to do:

in your archive rules, you need to add a filter to exclude the Event. (a reverse filter if you don;t want them written to archive.) Something like :

"Product not equal to Cisco IronPort Web Security"

das Bild der Ronaldo.Santoss

After colect logs this not excluded automatic.

The screenshot this actually configuration.

configuration.jpg
das Bild der SK Oois

I think you  got to wait until the system has rolled over to a new log file before the OLD one is deleted. It will not remove entries from the existing log files, if I guess that is what you are after.

sk

das Bild der Ronaldo.Santoss

I was waiting for the logs but not extinguished alone, I made a script to delete all night the day before.

I never used this option exclusion.

When the log file reaches 100 mb is created a new

Does it have size limit for the log file?

Do you think it would be interesting to let smaller?

Thanks.

das Bild der Ronaldo.Santoss

Hi people,

I find solution this problem the service agent is used with account the service.

Thanks

LÖSUNG