bt-LogAnalyzer 6 Frequently Asked Questions

GENERAL INFORMATION

Q: Do you support Microsoft’s Forefront Threat Management Gateway 2010 (TMG)?

All Burstek products support Microsoft’s Forefront Threat Management Gateway.

Q: What are the System Requirements for bt-LogAnalyzer?

Windows Server 2003, 2003 R2, 2008, 2008 R2 and Windows 7

Q: What are the required ISA Server log fields for bt-LogAnalyzer to read my log files?

  1. Client IP (c-ip)
  2. Client User Name (cs-username)
  3. Date (date)
  4. Time (time)
  5. Processing Time (time-taken)
  6. Bytes Sent (cs-bytes)
  7. Bytes Received (sc-bytes)
  8. Protocol (cs-protocol)
  9. Operation (s-operation)
  10. Object Name (cs-url)
  11. Object MIME (cs-mime-type)
  12. Result Code (sc-status)

Q: How do I view LogAnalyzer output in Excel?

To view the LogAnalyzer report output in Microsoft Excel, run the desired report and save it in XML format.

Note: To open the XML file with Excel or any other XML editor/viewer, make sure a copy of the ‘ResultsStorage.xml’ file (found in the installation directory of LogAnalyzer) is located in the same folder where the XML report is stored.

The ‘ResultsStorage.xml’ file contains the XML schema for the resulting XML files and is required to open the XML reports with many XML editors.

Q: Why do my users have more Viewing Time than hours in a day?

Viewing Time is calculated from successful http/https ‘GET’ activities and the Viewing Time Factor configured in the bt-LogAnalyzer interface. It is an ‘Estimate’ of the amount of time a user spends on a given Web Site. However, since any URL accessed (whether clicked or automatically refreshed) is charged the value specified in the ‘Viewing Time Factor’ property, it does not represent the exact time a user spent on a Web Site.

For example, suppose a user accesses a Web Site that has automatically refreshing links to other sites and you have configured a viewing time factor of ‘10 seconds’. Each time a successful URL is entered into the log file, bt-LogAnalyzer will add 10 seconds. If the URL refreshes every 20 seconds, then over the course of one minute bt-LogAnalyzer will make the following calculation:

  • Initial URL call = 10 Seconds
  • Three Automatic Refreshes = 30 Seconds
  • Total Viewing Time = 10+30 = 40 Seconds

If the Initial URL has embedded links to content on other Web Sites, then the same calculation will be used. In the example listed, if the initial URL contains content pulled from three remote sites, then the total calculated value would be: 40 seconds * 3 additional Sites = 120 Seconds. If the user minimizes their browser, the automatic refreshing will still occur and after 60 minutes would show 1 hour and 20 minutes of ‘Viewing Time’ in the report.

Viewing Time should be used for ‘Exception’ based reporting: establish a baseline of ‘Normal Usage’ for your environment so that you can quickly identify when something causes this value to jump. Virus and Trojan programs often communicate with the Internet continuously, so a spike in one or more users’ Viewing Time could be alerting you to a potential security risk in your environment, allowing you to take the appropriate action.
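An added example (not Burstek's code): the sketch below checks a tab-delimited W3C log for the twelve required ISA Server fields listed earlier in this FAQ, estimates Viewing Time per user as successful HTTP/HTTPS GETs multiplied by the Viewing Time Factor, and lists users well above a baseline. The log lines, user names, baseline figures, the 2xx meaning of 'successful' and the 3x threshold are assumptions made for illustration.

```python
from collections import defaultdict

# The twelve ISA Server log fields the FAQ lists as required.
REQUIRED_FIELDS = ("c-ip", "cs-username", "date", "time", "time-taken",
                   "cs-bytes", "sc-bytes", "cs-protocol", "s-operation",
                   "cs-url", "cs-mime-type", "sc-status")


def parse_w3c(text):
    """Yield one dict per record of a tab-delimited W3C extended log."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            missing = [f for f in REQUIRED_FIELDS if f not in fields]
            if missing:
                raise ValueError(f"missing required fields: {missing}")
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record found before a #Fields directive")
            yield dict(zip(fields, line.split("\t")))


def viewing_time(records, factor_seconds):
    """Charge factor_seconds per successful HTTP/HTTPS GET, per user."""
    totals = defaultdict(int)
    for r in records:
        status = r["sc-status"]
        # Assumption: "successful" means a 2xx result code.
        ok = status.isdigit() and 200 <= int(status) < 300
        web = r["cs-protocol"].lower() in ("http", "https")
        if ok and web and r["s-operation"].upper() == "GET":
            totals[r["cs-username"]] += factor_seconds
    return dict(totals)


def spikes(today, baseline, ratio=3.0):
    """Users whose estimate exceeds ratio x their own baseline (seconds)."""
    return sorted(u for u, secs in today.items()
                  if u in baseline and secs > ratio * baseline[u])


def _rec(user, time, op="GET", status="200"):
    # Constructed record, values in REQUIRED_FIELDS order.
    return "\t".join(["10.0.0.5", user, "2010-06-01", time, "15", "310",
                      "2048", "http", op, "http://news.example/",
                      "text/html", status])


# Constructed sample: alice loads a page that refreshes every 20 seconds for
# one minute (the FAQ's example), plus a 404 and a POST that are not charged;
# bob's host requests a URL every 10 seconds for five minutes.
SAMPLE_LOG = "\n".join(
    ["#Version: 1.0", "#Fields: " + "\t".join(REQUIRED_FIELDS)]
    + [_rec("CORP\\alice", t)
       for t in ("09:00:00", "09:00:20", "09:00:40", "09:01:00")]
    + [_rec("CORP\\alice", "09:02:00", status="404"),
       _rec("CORP\\alice", "09:03:00", op="POST")]
    + [_rec("CORP\\bob", f"10:{m:02d}:{s:02d}")
       for m in range(5) for s in range(0, 60, 10)]
)

# Constructed per-user baseline of "normal" Viewing Time, in seconds.
BASELINE = {"CORP\\alice": 45, "CORP\\bob": 60}

if __name__ == "__main__":
    totals = viewing_time(parse_w3c(SAMPLE_LOG), factor_seconds=10)
    print(totals)
    print("above baseline:", spikes(totals, BASELINE))
```

Users without a baseline entry are skipped by `spikes`, so new accounts need a separate review.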

APPLICATION CONFIGURATION

Q: Where are the Reports stored in LogAnalyzer; can I change the location?

By default, reports are stored in the ‘C:\Program Files\Burst Technology\bt-LogAnalyzer\Results’ directory, but you can specify an alternate location by modifying the registry settings.

  1. Open ‘regedit’ from a ‘Run’ command
  2. Navigate to HKLM\Software\BurstTechnology\DDBTLogAnalyzer\Storage (In 64-bit environments the location is HKLM\Software\Wow6432Node\BurstTechnology\DDBTLogAnalyzer\Storage)
  3. Modify the key ‘ResultsPath’ with the location that you want the results to be stored
  4. Copy the ‘ResultsStorage.xml’ file from ‘C:\Program Files\Burst Technology\bt-LogAnalyzer’ to the new location
  5. Restart the ‘ReportStorage’ service. (This will also restart the bt-LogAnalyzer Service)

Q: How do I create a Log Info source?

  1. Open the bt-LogAnalyzer management console
  2. Right click on ‘Log Info Sources’, select ‘New’ > ‘Log Info Source’
  3. Select the ‘Log Info Source Type’
  4. Click the ‘Test’ button to verify that LogAnalyzer can read the necessary log files
  5. Click the ‘OK’ button, then click the ‘Apply’ then ‘OK’ buttons to save and close the newly created Log Info Source

Q: How do I Update the URL Control List?

To ensure you have the most recent version of the URL Control List, follow these steps.

To import and update the most current Category/URL list:

  1. Open the bt-LogAnalyzer management console
  2. Right-click the URL Control List node in the left navigation pane, select ‘Import’, then click ‘OK’. Click ‘Yes’ to accept the immediate download of Control List updates. (If bt-LogAnalyzer is installed with WebFilter on the same server, you will need to use the URL Control List node for that application)
  3. A popup window will display the progress of the download

NOTE: You may schedule the Control List to automatically update daily, weekly, or monthly, by selecting the ‘Automatic Updates’ tab and entering the desired scheduling information.

Q: How do I schedule a report to run?

  1. Open the bt-LogAnalyzer management console, then click the “+” next to Reports
  2. Right-click on the report you want to set a schedule for, and select ‘Properties’
  3. Click on the ‘Schedule’ tab
  4. Set the schedule options for when the report should run and its ‘Recurrence Schema’ and click the ‘Apply’ and ‘Ok’ buttons

Q: How do I email a report?

NOTE: The SMTP settings must be configured properly before emailing reports.

  1. Open the bt-LogAnalyzer management console, then click the “+” next to Reports
  2. Right-click on the report result that you wish to email, then select ‘Send To’ -> ‘Mail Recipient’. If you are trying to send the most recent report, right click on the report name itself and select ‘Send To -> Mail Recipient’
  3. Enter the email address of the desired email recipient and select the email format (HTML, or HTML attachment)
  4. Click ‘OK’

Q: How do I export the results of a report?

  1. Open the bt-LogAnalyzer management console, then click the “+” next to Reports
  2. Right-click on the report result that you wish to export, then select ‘Export To’
  3. Select one of the two report format options listed: HTML or XML
  4. Save the report to the desired location

Q: How do I reduce the Percentage of the Undefined activity?

Recognizing that no URL database is 100% complete, Burstek has delivered a Web Extra template to help customers localize their database. To maximize the value of the WebExtra report, we recommend the following procedure:

  1. Make sure your email server details are configured correctly. These settings are found by right-clicking the bt-LogAnalyzer Server node, choosing ‘Properties’, then clicking on the ‘E-Mail Options’ tab.
  2. Download a new Control List by right-clicking ‘URL Control List’, choosing ‘Import…’, then clicking the ‘Ok’ button. We recommend configuring this setting to update every day on the ‘Automatic Updates’ tab.
  3. Locate, then right-click on ‘Web Extra’ in the list of reports, and then choose ‘Properties’.
  4. On the ‘Customize’ tab, click ‘Edit’ under “Date/Time”, and then choose the date interval you prefer. ‘Prior week’ is suggested. Click ‘OK’.
  5. On the ‘Schedule’ tab, set the ‘Start Report Generation at’ values for the date, time, and frequency that you prefer. We recommend using the ‘Generate Weekly’ Recurrence Schema, on any day of the week you prefer.
  6. When you first run the Web Extra report, review for any internal URLs that may be using the Proxy Server. These URLs can be input directly into the ‘Local’ or ‘Intranet’ categories, which are delivered with the software (see FAQs on how to input appropriate masks).
  7. Once you have all your organization’s Web Servers identified, go back to the properties of the ‘Web Extra’ report.
  8. On the ‘Distribution’ tab of the report properties, click ‘Add’ and enter ‘Burstek Control List’ in the ‘Name’ field and ‘sites@burstek.com’ into the ‘E-mail:’ field, then click ‘OK’.
  9. Click ‘Apply’, then ‘OK’.

The Web Extra report will automatically run when specified, and will be emailed directly to our Control List department.

NOTE: No proprietary information is sent, only top level domains and related ‘hit’ counts.

Q: How do I View the Progress of Reports?

  1. To view the progress of your reports, select the ‘Reports’ object on the left side of the bt-LogAnalyzer management console
  2. You will see all the reports on the right side of the screen, and a percentage value will be displayed in the ‘Status’ column of any report currently running.

NOTE: This page is automatically refreshed. Completed reports will display the date and time of completion in their respective ‘Status’ column.

Q: How do I create a Custom Category for a specific report?

To create a custom category, follow the below steps:

  1. In the bt-LogAnalyzer management console, right-click ‘URL Control List’, then select ‘New’ -> ‘Category’
  2. Enter the Name and Description (optional) of the Category on the ‘Common Options’ tab
  3. Click the ‘Included URLs’ tab and click ‘Add’
  4. Enter the desired URL, website, or webpage to include into the category. Asterisks (*) may be used as wildcards. For example, to include the entire acme.com website, you would include two masks: *//acme.com* and *.acme.com*
    NOTE: This method of entering masks ensures that http://acme.com* and http://www.acme.com* are categorized alike.
  5. Click ‘OK’
  6. Repeat as necessary

If you would like to enter a Web site or Domain, but eliminate a particular page:

  1. Complete the steps under ‘To create a custom category’ above.
  2. Click the ‘Excluded URLs’ tab
  3. Click ‘Add’
  4. Enter the desired URL, website, or webpage to exclude from the category. Asterisks (*) may be used as wildcards. For example, to exclude the fake.acme.com webpage, you would include two masks in the ‘Exclude’ tab: *//fake.acme.com* and *.fake.acme.com*. This will result in http://www.acme.com*, http://acme.com*, and any subdomain other than http://fake.acme.com being categorized as the newly created category.
  5. Click ‘OK’
  6. Repeat as necessary

Q: How do I add a new URL to a category in the URL Control List?

  1. In the bt-LogAnalyzer management console, expand ‘URL Control List’, right-click the desired category, and then select ‘Properties’.
  2. Click the ‘Included URLs’ tab
  3. Click ‘Add’
  4. Enter the desired URL, website, or webpage to include into the category. Asterisks (*) may be used as wildcards. For example, to include the entire acme.com website, you would include two masks: *//acme.com* and *.acme.com*
    NOTE: This method of entering masks ensures that http://acme.com* and http://www.acme.com* are categorized alike.
  5. Click ‘OK’
  6. Repeat as necessary

Q: How do I exclude certain URLs from a category (and therefore my report)?

  1. In the bt-LogAnalyzer management console, expand ‘URL Control List’, right-click the desired category, and then select ‘Properties’.
  2. Click the ‘Excluded URLs’ tab
  3. Click ‘Add’
  4. Enter the desired URL, website, or webpage to exclude from the category. Asterisks (*) may be used as wildcards. For example, to exclude the fake.acme.com webpage, you would include two masks in the ‘Exclude’ tab: *//fake.acme.com* and *.fake.acme.com*. This will result in http://www.acme.com*, http://acme.com*, and any subdomain other than http://fake.acme.com being categorized as the newly created category.
  5. Click ‘OK’
  6. Repeat as necessary

Q: How do I add/change color of Chat or any category?

  1. Open the bt-LogAnalyzer management console
  2. Right click bt-LogAnalyzer server from the left navigation pane
  3. Select ‘Properties’
  4. Click the Colors tab
  5. Scroll down and highlight the desired category
  6. Click the ‘Change’ button
  7. Click the ‘Select’ button
  8. Select the appropriate color
  9. Click ‘OK’, ‘OK’, ‘Apply’ and ‘OK’

Q: How do I create an appropriate URL mask?

Typically, the user would use two masks to safely filter a certain domain into a desired category. The following example is the recommended method for adding a mask for the acme.com domain:
*.acme.com*;*//acme.com*

Note: Multiple masks can be entered at once when separated by a semicolon (;).

Because each mask is enclosed in the wildcard asterisks (*), it covers navigation to example.com directly as well as through any sub-domain, top-level domain, or folder within it (such as mail.example.com or example.com/example1.asp).
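An added example, not Burstek's code: a small checker for trying Included and Excluded masks against sample URLs before saving them to a category. It assumes a mask must match the whole URL, that ‘*’ matches any run of characters and that matching is case-insensitive; the product's actual matching rules are not documented on this page, and the test URLs are constructed.

```python
import re


def compile_masks(mask_list):
    """Compile a 'mask;mask' string; '*' matches any run of characters."""
    compiled = []
    for mask in (m.strip() for m in mask_list.split(";")):
        if mask:
            # Everything except '*' is literal, so '.' only matches a dot.
            pattern = ".*".join(re.escape(part) for part in mask.split("*"))
            compiled.append(re.compile(pattern, re.IGNORECASE | re.DOTALL))
    return compiled


def in_category(url, included, excluded=""):
    """True if url matches an Included mask and no Excluded mask."""
    if any(rx.fullmatch(url) for rx in compile_masks(excluded)):
        return False
    return any(rx.fullmatch(url) for rx in compile_masks(included))


def coverage(urls, included, excluded=""):
    """Map each URL to whether the mask set places it in the category."""
    return {u: in_category(u, included, excluded) for u in urls}


INCLUDED = "*.acme.com*;*//acme.com*"            # masks from the FAQ
EXCLUDED = "*//fake.acme.com*;*.fake.acme.com*"  # masks from the FAQ

# Constructed URLs for checking what a mask set does and does not cover.
TEST_URLS = [
    "http://acme.com/",                  # bare domain: *//acme.com*
    "http://www.acme.com/index.asp",     # sub-domain: *.acme.com*
    "http://notacme.com/",               # other domain ending in 'acme.com'
    "http://fake.acme.com/page",         # excluded host
    "http://www.fake.acme.com/",         # excluded host behind 'www.'
    "http://www.acme.com.example.net/",  # different site, still matches
]

if __name__ == "__main__":
    for url, hit in coverage(TEST_URLS, INCLUDED, EXCLUDED).items():
        print(f"{'IN ' if hit else 'OUT'} {url}")
    # A single mask without the '.' or '//' anchor is broader than the pair:
    print(in_category("http://notacme.com/", "*acme.com*"))
```

Under these assumptions the two recommended masks keep notacme.com out of the category where a single `*acme.com*` mask would not, while the trailing wildcard still admits a longer host name such as www.acme.com.example.net, so it is worth checking that kind of URL with ‘Category Lookup’ after adding masks.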

Q: How do I determine which category a URL belongs to?

  1. Open the bt-LogAnalyzer management console
  2. Right-click on ‘Category Lookup’
  3. Enter the URL, or File Extension, then click the ‘Find’ button

Q: How do I remove reports in bt-LogAnalyzer?

WARNING: Deleting all report results prior to changing the date of the report generation will cause bt-LogAnalyzer to attempt to ‘Catch Up’ with all the deleted reports.

  1. Open the bt-LogAnalyzer management console
  2. Left-click on ‘Reports’ in the left window pane. You can sort the report columns to whatever makes it easier to view and identify the reports that you need to modify
  3. Right-click on the desired report and select ‘Properties’
  4. Select the ‘Schedule’ tab and modify the ‘Start report generation at’ date to a future date and click ‘OK’. If you want to keep a week’s worth of reports, select a date of 7 days prior. Do this for each of the reports that you will be clearing the results from.
  5. Once you have the report scheduled dates modified, expand the ‘Reports’ option in the left window pane.
  6. Right-Click on the desired report and select ‘Clear Results’
  7. A ‘Clear Results’ window will appear allowing you to select the reports that you wish to delete. Mark any reports that should be cleared and select ‘OK’
  8. Repeat for any additional reports.

Q: How do I adjust the bandwidth cost factor?

  1. Open the bt-LogAnalyzer management console
  2. Right-click on ‘Bandwidth Cost Factor’ and select ‘Edit…’
  3. Adjust the value, and click the ‘OK’ button

NOTE: If you don’t wish to view bandwidth cost on your report, set the factor to zero.

Q: How do I adjust the viewing time factor?

  1. Open the bt-LogAnalyzer management console
  2. Right-click on ‘Viewing Time Factor’ and select ‘Edit’
  3. Adjust the value, and click the ‘OK’ button

NOTE: If you don’t wish to see viewing time factor included on your report, set the factor to zero.

Q: How do I Export my LogAnalyzer 6 settings?

NOTE: If you have a large number of report results, you may wish to clear some of your older reports prior to exporting your settings. Any report results currently in the application will be exported.

  1. Open the bt-LogAnalyzer management console.
  2. Right-click on the bt-LogAnalyzer Server in the top portion of the left window pane.
  3. Select ‘All Tasks’ -> ‘Settings Export’.
  4. Click ‘Next’ at the bt-LogAnalyzer Settings Export window.
  5. Accept the default location or select ‘Change’ to select a new location for the exported files.
  6. Verify the options and select ‘Export’ (Depending on the size of the C:\Program Files\Burst Technology\bt-Loganalyzer\results directory, this operation could take a long time to complete)

Q: How do I Import my LogAnalyzer 6 settings?

If LogAnalyzer is installed on a server different from the server that the settings were exported from, some changes must be made to the exported settings .reg file. If you are importing settings onto the same server, skip to step 2.

  1. Edit the LogAnalyzer.reg file in the exported settings directory and modify the field ‘CurrentServer’ with your new server name. Also, if the installation has been moved from a 32-bit to a 64-bit system, you will need to replace all entries using ‘Program Files’ with ‘Program Files (x86)’.
  2. Save the newly-modified .reg file, then open the bt-LogAnalyzer 6 management console
  3. Right-click on the bt-LogAnalyzer server in the top portion of the left window pane
  4. Select ‘All Tasks -> Settings Import’ then click ‘Next’ at the bt-LogAnalyzer Settings Import Window
  5. If the ‘Export’ directory is different from the default, click ‘Change’ and identify the location where the previous export was done and click ‘Next’
  6. Verify your settings and select ‘Import’

REPORT CONFIGURATION

Q: How do I purge older report results via the Management Console?

  1. Change the ‘Schedule’ date on the reports that you want to clear the history for to a date forward of the range you will be deleting. For example, if your report has been running for 6 months and you want to keep the last 3 months of reports, you will want to adjust the ‘Start report generation at’ option on the ‘Schedule’ tab to the current date.

    WARNING: Failure to set the ‘Schedule Options’ date properly will cause bt-LogAnalyzer to attempt to recreate any deleted reports.

  2. Once the date has been modified, right click on the report and select ‘Clear Results’
  3. Place a check mark next to each report you want to delete and select ‘OK’
  4. Click ‘OK’ at the ‘Are you sure..’ dialog

Q: How do I Generate a WebExtra report?

The WebExtra report is a canned report included with bt-LogAnalyzer and just requires the user to set the proper options for their environment.

NOTE: To have the completed WebExtra report automatically emailed to Burstek, please ensure that the email functionality is configured and working properly.

  1. In the bt-LogAnalyzer console, right click on the ‘- Web Extra’ report and select ‘Properties’
  2. On the ‘Customize’ tab, set the date option for ‘Prior week’
  3. On the ‘Schedule’ tab, set the ‘Start report generation at’ option. (Recommended Weekly)

    NOTE: Perform the next steps if you want to email the report to Burstek via LogAnalyzer. If you wish to use another email option, skip to step 8.

  4. On the ‘Distribution’ tab, click ‘Add’
  5. Enter ‘Burstek Control List’ in the name field
  6. Enter sites@burstek.com in the email address field
  7. Select the ‘HTML Attachment’ option
  8. If you wish to just generate the report and send via another email option, you can choose the ‘Save to folder’ option instead

Q: How do I configure LogAnalyzer 6 to automatically email reports to recipient(s)?

Configure your SMTP server in the LogAnalyzer 6 options:

  1. Right-click bt-LogAnalyzer Server (located in left-hand menu) and select ‘Properties’
  2. Navigate to the ‘E-mail Options’ tab
  3. Enter the Email address

    Note: The Email address you enter is the Email address that will appear in the ‘From’ field when you Email reports. The sender Email address must be properly formatted as such: xyz@company.com

  4. Enter the name of the SMTP server (IP address or DNS)

    Note: This is the mail server the bt-LogAnalyzer 6 will use to Email reports

  5. Click ‘Apply’ then ‘OK’ to set these options

Note: You can test the email settings by clicking the ‘Apply’ button, then clicking the ‘Email_Test…’ button. It is necessary to apply the changes before testing the email settings or an error will be displayed.

Configure the desired report to email upon report generation in the ‘Distribution’ tab:

  1. Right click on the report you want to setup distribution for, and select ‘Properties’
  2. Click on the ‘Distribution’ tab. There are two options:
    (a) You can configure the report results to be emailed, or
    (b) You can save the reports to the local system or a network drive as well as have them emailed.
  3. Add the email recipients by clicking the ‘Add’ button and entering the Name and Email address of the desired recipient, then click ‘OK’

    Note: You also have the option of sending the results in XML format from this screen.

  4. You can configure the report to be emailed as HTML embedded in the email or as an HTML attachment by selecting the associated option.

    Note: The field box below the ‘HTML Attachment’ option is for additional text to be included in the body of the email.

  5. Click the ‘Apply’ button then the ‘Ok’ button

Once configuration of the SMTP and report emailing options is completed, your email recipient(s) should receive the reports upon completion.

Q: How do I reduce the amount of time it takes to run a report?

To reduce the amount of time taken to run a report, select the ‘Simple Category Resolution’ feature in the report properties. To do this:

  1. Navigate to the desired report properties by right-clicking the report, and selecting ‘Properties’
  2. In the ‘Common Options’ tab, be sure to select the check box labeled ‘Simple Category Resolution’

This feature will cause bt-LogAnalyzer 6 to report the URL in the first category that provides a match and prevent bt-LogAnalyzer from checking additional Categories for a match for the URL.

Note: Remember that a URL may belong to more than one category.

Q: How do I create a new report?

  1. Open the bt-LogAnalyzer management console
  2. Right click on ‘Reports’, then select ‘New -> Report’
  3. Enter a Name and Description for your report
  4. Choose the ‘Type of Report’ and the sub-report types
  5. Select the ‘Maximum Report Lines’ or leave blank to remove the line limit
  6. Choose the ‘Simple Category Resolution’ option to have bt-LogAnalyzer report URLs from the first Category match
  7. Click the ‘Advanced’ button to set the ‘Advanced Options’ for the report
  8. Click on the ‘Customize’ tab to set the following options:
      a. Date/Time of report
      b. Categories to include in the report
      c. Users/Groups to report on
      d. Any additional reports to use as filters
      e. Which log source/s that the report should run against
  9. Click on the ‘Schedule’ tab to set when the report should run
  10. Click on the ‘Distribution’ tab for additional delivery options
  11. If utilizing OU security, click on the ‘Security’ tab to identify Users/Groups that can generate the report and/or view the report results via the console

Q: How do I customize an existing report?

  1. Open the bt-LogAnalyzer management console
  2. Right-click the report that you would like to customize, then select ‘Properties’
  3. There are 5 tabs listed:
      a. Common Options
      b. Customize
      c. Schedule
      d. Distribution
      e. Security
  4. Select the appropriate tab for your customizations, then click the ‘Apply’ and ‘OK’ buttons to save your changes

Q: How do I filter on a previously generated report (Top 10 Users for top 10 Websites)?

To create a report that shows the top 10 users, as well as the top 10 web sites accessed, you must create two reports.

NOTE: Create two new custom reports – Top10A and Top10B (name them appropriately for your organization). Be sure to setup the Top10A report first.

Top 10A Report:

  1. In the ‘Type of the report’ section, under the ‘Common Options’ tab, select the ‘Global’ option.
  2. Click the ‘X’ button to the right to deselect all types of reporting variables.
  3. Select the ‘Top Users Activity – Web Pages’ type.
  4. Select the ‘Maximum Report Lines’ checkbox and change the value to ‘10’.
  5. Click the ‘Customize’ tab and edit the Date/Time interval to the desired values.
  6. Click ‘OK’. Click ‘OK’, and then generate the report.

Top 10B Report:

  1. In the ‘Type of the report’ section, under the ‘Common Options’ tab, select the ‘User audit detail’ option.
  2. Click the ‘X’ button to the right to deselect all types of reporting variables.
  3. Select the ‘WebPage Details’ type.
  4. Select the ‘Maximum Report Lines’ checkbox and change the value to ‘10’.
  5. Click the ‘Customize’ tab and edit the ‘Date/Time’ interval to the desired values, then Click ‘Ok’.
  6. Click the ‘Edit’ button, located in the Reports section of the ‘Customize’ tab.
  7. Select the Top10A Report. Click ‘OK’, and then click ‘OK’.
  8. Generate the report after confirming that the Top10A Report has completed.

Q: How do I run a report on a specific user?

  1. Open the bt-LogAnalyzer management console, then click on the “+” sign next to ‘Reports’
  2. Right-click on the desired report, and select ‘Properties’
  3. Click on the ‘Customize’ tab, then click on the ‘Edit’ button in the Users section
  4. Click on the radio button next to ‘Individual users and Groups’, then click the ‘Add…’ button
  5. Select either ‘Users or NT Groups…’ or ‘Organization Units And Users…’, then select the user from Active Directory, or type in the username. Click the ‘OK’ button
  6. Click the ‘OK’ button. Right-click on the newly-modified report, and select ‘Generate’

Q: How do I run a report on a single website?

To report on a single website:

  1. Create a new category and add the website or URL mask to the ‘Included URLs’ section of the category properties.
  2. In the desired report properties, navigate to the ‘Customize’ tab, then click the ‘Edit’ button, located in the Categories section.
  3. Select the ‘Select individual categories’ option, and mark the custom category which was created earlier
  4. Click ‘OK’ then ‘OK’ again
  5. Generate the report

Q: How do I resolve usernames in a report?

  1. Open the bt-LogAnalyzer management console, then click the “+” next to ‘Reports’
  2. Right-click on the report that you would like to resolve usernames for, then click on ‘Properties’
  3. On the ‘Common Options’ tab, click on the ‘Advanced…’ button
  4. Check the box next to ‘Resolve User Names’, and then click the ‘OK’ button
  5. Click the ‘OK’ button

Q: How do I limit the report lines in a report?

  1. Open the bt-LogAnalyzer management console, then click the “+” sign next to ‘Reports’
  2. Right-click on the report that you would like to limit the number of lines for, and select ‘Properties’
  3. On the ‘Common Options’ tab, check the box next to ‘Maximum Report Lines:’, and type in the actual number of lines you want to see in the report
  4. Click ‘OK’

Q: How do I eliminate viewing time from my reports?

  1. Open the bt-LogAnalyzer management console
  2. Right-click on ‘Viewing Time Factor’ and select ‘Edit’
  3. Adjust the value to ‘0’, and click the ‘OK’ button

INSTALLATION MAINTENANCE AND TROUBLESHOOTING

Q: How do I migrate LogAnalyzer 6 to TMG?

  1. Remove unnecessary LogAnalyzer 6 reports prior to exporting settings.

    WARNING: Be sure to set the scheduled date range to a value of today or later. If you do not perform this step, any report that you clear will attempt to ‘Catch Up’.

  2. Export LogAnalyzer Settings by right clicking on the LogAnalyzer server and selecting ‘All Tasks -> Settings Export’
  3. Install LogAnalyzer on the TMG server

    NOTE: If installing LogAnalyzer on a new server with a different name you will need to open the LogAnalyzer.reg file in the exported settings directory and modify the fields ‘CurrentServer’ and ‘Category Server’ with your new server name. Also, since you are moving the installation to a 64-bit system, you will need to replace all entries using ‘Program Files’ with ‘Program Files (x86)’. This is done because in a Windows 64-bit system, the directory for 32-bit applications is ‘Program Files (x86)’

  4. Import the settings onto the new TMG server

Q: How do I back up LogAnalyzer?

To back up LogAnalyzer, right click on the server name in the LogAnalyzer 6 management console and select ‘All Tasks’ | ‘Settings Export’. Select the location where you want to save the files and add this location to your daily backup schedule.

Q: How do I Upgrade to the current version of bt-LogAnalyzer?

  1. Download the latest version of bt-LogAnalyzer and unzip the file to your desktop
  2. Open the bt-LogAnalyzer management console
  3. Right-click on the bt-LogAnalyzer Server, select ‘All Tasks’ > ‘Settings Export…’. The Export Wizard dialog box will walk you through exporting your settings
  4. Execute the new bt-LogAnalyzer install that you downloaded in step 1

Q: Why am I receiving ‘No Data Found’ in report result?

‘NO DATA WAS FOUND FOR THE REPORT SELECTION CRITERIA’ displays in the report after generation:
Typically, this is caused by one of the following conditions:

  1. There are no logs for the Date or Time, and/or user(s) selected
  2. The Log Info Sources are not correct
  3. Permissions are not set to allow this account to access the log file directory
  4. An incorrect log file format or date has been selected

There are no log records for the Date or Time, and/or user(s) selected (the default is ‘prior week’ and ‘All users’). Verify the following settings:

  1. Right-click on the selected report in the left navigation pane
  2. Select ‘Properties’, then select the ‘Customize’ tab
  3. Click the ‘Edit’ button for Date and Time
  4. Select a ‘Custom’ date range for a period for which you have log files, then click ‘OK’
  5. Click the ‘Edit’ button for Users and be sure to select either ‘All users’ or a group(s)/user(s) that is/are included in the log files for the date/timeframe that you have configured in the previous steps
  6. Save the changes, then re-generate the report

The Log Info Sources are not correct:

LogAnalyzer installs with two default ‘Log Info Sources’ on the local drive:
- Microsoft ISA Server
- Microsoft Proxy 2.0

If your log files reside on another machine or in another location on the local machine, you will have to modify or add the source:

  1. Select Log Info Sources in the left pane
  2. Right-click on the appropriate Log Info Source in the right-hand pane and select ‘Properties’
  3. Click the ‘Browse’ button and navigate to the appropriate directory
    Note: For remote directories, UNC paths must be used (i.e. \\server\remote_directory)
  4. Click the ‘Test’ button near the bottom of the popup window
  5. If the test reports “Test Failed”, there is a permissions or access problem with the directory. See the next section to change the settings

Permissions are not set to allow this account to access the log file directory:

  1. Open the ‘Services.msc’ console on the server
  2. Locate and right-click the ‘bt-LogAnalyzer’ service, then select ‘Properties’
  3. Navigate to the ‘Log On’ tab. If ‘Local System Account’ is selected, deselect this option by selecting the ‘This account’ option
  4. Enter an account Username and Password with Administrative privileges on the Local machine and read privileges on the log directory of the remote machine
  5. Restart the bt-LogAnalyzer service and reopen the bt-LogAnalyzer management console

An incorrect log file format or date has been selected:

All Microsoft logs should use the default, ‘Auto-detect – MS’ date and file format. All other log file types should be selected from the drop down list. If using custom/modified Microsoft ISA Server logs, please ensure they contain the following fields:

  1. Client IP (c-ip)
  2. Client User Name (cs-username)
  3. Date (date)
  4. Time (time)
  5. Processing Time (time-taken)
  6. Bytes Sent (cs-bytes)
  7. Bytes Received (sc-bytes)
  8. Protocol (cs-protocol)
  9. Operation (s-operation)
  10. Object Name (cs-url)
  11. Object MIME (cs-mime-type)
  12. Result Code (sc-status)
