Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

How to excluded logs after collect (Used this Cisco IronPort Web Security)

Created: 04 Jan 2013 • Updated: 10 Jan 2013 | 5 comments
This issue has been solved. See solution.

Hi people,

I configured the collector Cisco IronPort Web Security for excluded archives after collected.

This option delete after processing, but is not function.

Ideas.

Thanks,.

Comments 5 CommentsJump to latest comment

Laurent_c's picture

If I understood correctly what you want to do:

in your archive rules, you need to add a filter to exclude the Event. (a reverse filter if you don;t want them written to archive.) Something like :

"Product not equal to Cisco IronPort Web Security"

Ronaldo.Santos's picture

After colect logs this not excluded automatic.

The screenshot this actually configuration.

configuration.jpg
SK Ooi's picture

I think you  got to wait until the system has rolled over to a new log file before the OLD one is deleted. It will not remove entries from the existing log files, if I guess that is what you are after.

sk

Ronaldo.Santos's picture

I was waiting for the logs but not extinguished alone, I made a script to delete all night the day before.

I never used this option exclusion.

When the log file reaches 100 mb is created a new

Does it have size limit for the log file?

Do you think it would be interesting to let smaller?

Thanks.

Ronaldo.Santos's picture

Hi people,

I find solution this problem the service agent is used with account the service.

Thanks

SOLUTION