Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to excluded logs after collect (Used this Cisco IronPort Web Security)

Created: 04 Jan 2013 • Updated: 10 Jan 2013 | 5 comments
This issue has been solved. See solution.

Hi people,

 

I configured the collector Cisco IronPort Web Security for excluded archives after collected.

 

This option delete after processing, but is not function.

 

Ideas.

 

Thanks,.

Comments 5 CommentsJump to latest comment

Laurent_c's picture

If I understood correctly what you want to do:

in your archive rules, you need to add a filter to exclude the Event. (a reverse filter if you don;t want them written to archive.) Something like :

"Product not equal to Cisco IronPort Web Security"

Ronaldo.Santos's picture

After colect logs this not excluded automatic.

The screenshot this actually configuration.

configuration.jpg
SK Ooi's picture

I think you  got to wait until the system has rolled over to a new log file before the OLD one is deleted. It will not remove entries from the existing log files, if I guess that is what you are after.

 

 

sk

Ronaldo.Santos's picture

I was waiting for the logs but not extinguished alone, I made a script to delete all night the day before.

I never used this option exclusion.

When the log file reaches 100 mb is created a new

Does it have size limit for the log file?

Do you think it would be interesting to let smaller?

 

Thanks.

Ronaldo.Santos's picture

Hi people,

 

I find solution this problem the service agent is used with account the service.

 

Thanks

SOLUTION