Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Parabol
Contributor

SmartReporter - AntiVirus/Bot logs aren't populating into the reports

Hi all,

We have some custom SmartReporter reports setup, we've used them for years now. We have one which shows the past 24-hours Anti-Virus and Anti-Bot events, it's essentially built with the following columns:

Report Category: Threat Prevention

- Protection Name

- Source

- Destination

- Blade

etc... And the filter is to equal Anti-Virus OR Anti-Bot blade. A very simple report.

 

Typically this has always worked, we get emailed the report every day, and it's a nice summary of events. We can glance at it and easily see what types of attacks occurred, what IP's were involved, severity, resource/FQDNs etc.. 

Recently its stopped populating, the logs are still there, but the reporter isn't pulling them. Strangely when going on "last 24-hours" on the report, there is nothing. But change to "Past 7 days" and it populates some details, but events are still missing.

It's really inconsistent, even building a report/widget from scratch with very simple filters (E.g. show me anti-virus & anti-bot blades events) it's not populating correctly.

Our  SmartReporter is a separate VM to our management server.

We patched the SmartReporter to the latest R81.10 JHF will no joy.

Checking the antivirus/bot logs IN SmartReporter shows the logs/events are there, so the reporter has them. But for whatever reason its not putting them into the Reports via the widget, even when expanding the filters to be very open.

Is there any tshoot steps we might be able to perform to try and remedy this?

Thanks!

 

0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee

Does SmartView reports show "no data found" errors for different widgets?

Suggest reviewing Doctor Log output with TAC...

CCSM R77/R80/ELITE
0 Kudos
Parabol
Contributor

Yes the widget shows "No data found" when selected to "Past 24-hours". If I change it from this to "Yesterday" it then loads some things (but misses a lot). If I change it to "Last 7 days" it again shows some things, but misses the entry from yesterday for example. It's very inconsistent with what it shows.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Might be a FetchedFiles issue (sk181209) which TAC can verify based on the output from Doctor Log.

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events