Support | bt-LogAnalyzer

****JavaScript based drop down DHTML menu generated by NavStudio. (OpenCube Inc. - http://www.opencube.com)****

Support

	Best Practices
	Quick Start Guide
	Download
	FAQ's
	Submit a Ticket

bt-MailFilter

Control List

bt-LogAnalyzer Quick Start Guide

LogAnalyzer supports multiple log formats. Data can reside in log files or ODBC supported databases or both. LogAnalyzer also supports network drives. LogAnalyzer automatically detects the type of logs and date format for Microsoft logs (ISA, Proxy2, Exchange).

LogAnalyzer can be integrated with our web filtering software or installed as a standalone module.

After defining the Log Info Sources and clicking the 'Test' button, I get a 'test failed'
'No Data' displays in the report
Cannot generate a report using data from a network drive
IP Addresses instead of User Names are displayed
LogAnalyzer Service Unavailable
Updating the Control List

After defining the Log Info Sources and clicking the 'Test' button, I get a 'test failed'

Typically this means there are no logs in the directory or 'Permissions' are not set to allow this account to access the log file directory. To change the account

	start 'services'
	select bt-LogAnalyzer service and select 'Properties'
	click the 'Log On' tab
	if 'Local System Account' is checked, please uncheck
	enter an account User and Password with Administrative privileges on both the Local machine and the Remote machine
	re-start the bt-LogAnalzyer service

top

'No Data' displays in the report

Typically this is caused by one of the following conditions"

There are no log records for the Date or Time selected (the default is the prior week) Verify settings:

	right-click on the selected report in the left navigation pane
	select 'Properties'
	select the 'Customize' tab
	click the 'Edit' button for Date and Time
	select a 'custom' date range for a period for which you have log files
	re-generate the report

Permissions are not set to allow this account to access the log file directory

	start 'services'
	select bt-LogAnalyzer service and select 'Properties'
	click the 'Log On' tab
	if 'Local System Account' is checked, please uncheck
	enter an account User and Password with Administrative privileges on both the Local machine and the Remote machine
	stop and start the bt-LogAnalzyer service

An incorrect log file format or date has been selected (All Microsoft logs should use the default, all others should be selected from the drop down list.

If using MS ISA Server logs and they have been modified, please ensure they contain these fields:

	Client IP (c-ip)
	Client User Name (cs-username)
	Date (date)
	Time (time)
	Processing Time (time-taken)
	Bytes Sent (cs-bytes)
	Bytes Received (sc-bytes)
	Protocol (cs-protocol)
	Operation (s-operation)
	Object Name (cs-url)
	Object MIME (cs-mime-type)
	Result Code (sc-status)

top

Cannot generate a report using data from a network drive

This is typically caused because the account does not have the correct permissions. Often, during the installation of LogAnalyzer, the user accepts the 'local' account instead of entering a UserName and Password for an account with administrative privileges. To correct this:

	start 'services'
	select bt-LogAnalyzer service and select 'Properties'
	click the 'Log On' tab
	if 'Local System Account' is checked, please uncheck
	enter an account User and Password with Administrative privileges on both the Local machine and the Remote machine
	stop and start the bt-LogAnalzyer service

NOTE: Please use UNC and not a 'mapped' drive

top

IP Addresses instead of User Names are displayed

This is caused because Authentication is not enabled on the MS ISA Server (if using the WebFilter plug-in for ISA Server) or WebFilter Proxy (if using the standalone version of WebFilter).

To enable authentication:

For MS ISA Server

	start 'MS ISA Server Management Console'
	right-click on your server name (top node in left pane) and select 'Properties'
	click the 'Outgoing Web Requests' tab
	near the bottom of the screen, check the box 'Ask unauthenticated users...'
	click Apply

For Standalone WebFilter only

	start 'Burstek WebFilter Management Console'
	right-click on your server name (top node in left pane) and select 'Properties'
	click the 'Proxy Options' tab
	check the box 'Ask unauthenticated users for identification'
	click Apply

top

LogAnalyzer Service Unavailable

If you selected 'Client' during the installation of LogAnalyzer and not the 'Complete' install, you will get this error. The 'Client' is for remote console purposes.

Please reinstall LogAnalyzer and select the 'Complete' installation.

If you are getting this error after installing the 'remote client' and trying to connect to the server where the complete LogAnalyzer is installed it is probably a 'permissions' problem.

The client machine account must have 'Local Administrator' permissions on the server machine. In other words, the client machine account must be a member of the 'Administrators' group of server machine.

The account on client machine does not have to be domain administrator but 'Local Administrator' on the server machine only

top

Updating the Control List

To import and update the most current Category/URL list:

	Right-click the URL Control List node in the left navigation pane
	Select Import
	Click OK
	A popup window will display the progress of the download

NOTE: You can also schedule the Control List to be automatically updated by selecting the 'Automatic Updates' tab and entering the desired scheduling information.\

If you are using LogAnalyzer integrated with our web filter, this step is not necessary as LogAnalyzer will use the same Control List as the web filter software.