Name: Systems Reporter

Text: Blue Coat® Systems
Reporter™

Configuration and Management Guide

version 8.3.1

Blue Coat Reporter Configuration and Management Guide

Contact Information
Blue Coat Systems Inc.
420 North Mary Ave
Sunnyvale, CA 94085-4121
http://www.bluecoat.com/support/contact.html
bcs.info@bluecoat.com
http://www.bluecoat.com
For concerns or feedback about the documentation: documentation@bluecoat.com

Copyright© 1999-2007 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means
nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other
means without the written consent of Blue Coat Systems, Inc. All right, title and interest in and to the Software and documentation are
and shall remain the exclusive property of Blue Coat Systems, Inc. and its licensors. ProxySG™, ProxyAV™, CacheOS™, SGOS™,
Spyware Interceptor™, Scope™, RA Connector™, RA Manager™, Remote Access™ are trademarks of Blue Coat Systems, Inc. and
CacheFlow®, Blue Coat®, Accelerating The Internet®, WinProxy®, AccessNow®, Ositis®, Powering Internet Management®, The
Ultimate Internet Sharing Solution®, Permeo®, Permeo Technologies, Inc.®, and the Permeo logo are registered trademarks of Blue Coat
Systems, Inc. All other trademarks contained in this document and in the Software are the property of their respective owners.
BLUE COAT SYSTEMS, INC. DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED,
STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT
LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL BLUE COAT SYSTEMS, INC., ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR
ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF BLUE COAT SYSTEMS,
INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Document Number: 231-02930
Document Revision: v8.3.1 00A 04/30/2007
For concerns or feedback about the documentation: documentation@bluecoat.com

ii

Contents
Contact Information

Chapter 1: Introduction
Welcome To Blue Coat Reporter .......................................................................................................................9
About the Document Organization ..................................................................................................................9
Related Blue Coat Documentation..................................................................................................................10
Document Conventions....................................................................................................................................10
Typographical Conventions .....................................................................................................................10
Procedure Conventions .............................................................................................................................10
Chapter 2: Installation
System Requirements .......................................................................................................................................11
Hardware Requirements...........................................................................................................................11
Software Requirements .............................................................................................................................11
Browser Support.........................................................................................................................................11
Interaction With Anti-Virus Services ......................................................................................................11
Installation ..........................................................................................................................................................12
Windows Installation.................................................................................................................................12
Linux Installation .......................................................................................................................................13
Accessing Blue Coat Reporter Locally or Remotely.....................................................................................14
Troubleshooting.................................................................................................................................................14
Troubleshooting the Windows Service ..........................................................................................................14
Chapter 3: Blue Coat Reporter Overview and Licensing
The Data Profiles/Settings Menu ...................................................................................................................17
Licensing.............................................................................................................................................................18
Standard vs Enterprise ..............................................................................................................................18
Adding an Enterprise License ..................................................................................................................18
About Reports and Log Filters ........................................................................................................................19
Chapter 4: Managing Profiles and User Accounts
Section A: About Data Profiles and Database Types
What is a Data Profile? .....................................................................................................................................22
About the v8 Data Profiles ...............................................................................................................................22
Optimal Blue Coat SG Appliance Log Formats .....................................................................................23
Content Filtering Reporting......................................................................................................................24
About the v7 Profile ..........................................................................................................................................25
Best Practice: Log Forwarding Frequency .....................................................................................................25

iii

Blue Cloat Reporter Configuration and Management Guide

Next Step ............................................................................................................................................................ 25
Section B: Creating a v8 Data Profile
Creating the Data Profile.................................................................................................................................. 26
Linking an SG Appliance for Real-Time Reporting ..................................................................................... 33
Unloading/Reloading a Database (v8) .......................................................................................................... 36
Section C: Creating a v7 Database Profile
Section D: Creating Roles (v8)
Section E: Creating User Accounts
Creating a Non-Admin User Account ........................................................................................................... 50
Creating New Administrative Users.............................................................................................................. 51
Tips for Creating User Accounts..................................................................................................................... 51
Section F: Configuring Reporter Preferences
Configuring General Settings.......................................................................................................................... 52
Configuring Server Settings ............................................................................................................................ 53
Configuring E-mail Server Settings................................................................................................................ 55
Configuring Log Settings (v8) ......................................................................................................................... 56
Chapter 5: Generating and Managing Reports
Section A: Generating a Data Report Database
Section B: Blue Coat v8 Data Profile Reports—Dashboards
About the Main Log Dashboard ..................................................................................................................... 61
About the Log Reader Activity Report .......................................................................................................... 62
About the Trend by Volume Report ....................................................................................................... 65
Adding Reports to the Dashboard.................................................................................................................. 66
Adding the Stream Reader Activity Report........................................................................................... 66
Adding Usage Reports .............................................................................................................................. 67
Editing Dashboard Reports ............................................................................................................................. 68
Viewing Full Dashboard Reports ................................................................................................................... 69
Moving Dashboard Reports ............................................................................................................................ 70
Adding Additional Log Files........................................................................................................................... 71
About the CIFS Log Dashboard and Reports ............................................................................................... 71
Section C: Blue Coat v8 Data Profile Reports
About the Reports Page ................................................................................................................................... 73
Applying a Report Filter .................................................................................................................................. 73
Viewing Reports................................................................................................................................................ 78
Viewing the Report Overview ........................................................................................................................ 81
Viewing the Full Log Detail Report ............................................................................................................... 81
Section D: Blue Coat v7 Profile Reports
About the Overview Page................................................................................................................................ 83
Viewing Reports................................................................................................................................................ 83
Selecting a Single Calendar Element .............................................................................................................. 86
Applying a Date Range............................................................................................................................. 87

iv

Contents

Applying an Expression Filter ................................................................................................................. 88
Section E: Saving and Exporting Individual Reports
Using Easy Save ................................................................................................................................................ 93
Exporting a Report............................................................................................................................................ 94
Section F: Configuring the Reporter Scheduler
About the Scheduler ......................................................................................................................................... 97
Scheduling Reports ........................................................................................................................................... 97
Scheduler Action: Build Database (v7) ................................................................................................... 98
Scheduler Action: Generate Report Files (v7 and v8)........................................................................... 99
Scheduler Action: Remove Database Data (v7)................................................................................... 101
Scheduler Action: Expire Database Data.............................................................................................. 101
Scheduler Action: Send Report By E-mail (v7 and v8)....................................................................... 102
Scheduler Action: Update Database (v7).............................................................................................. 104
Editing or Deleting a Task ............................................................................................................................. 105
Using Easy Schedule (Admin only) ............................................................................................................. 105
Using Easy E-mail (Admin Only) ................................................................................................................. 106
Chapter 6: Configuring Data Profiles
Section A: Blue Coat v8 Data Profile Configuration
About the Profile Editor ................................................................................................................................. 108
Configuring the Log Sources......................................................................................................................... 109
Viewing and Controlling Log Readers ................................................................................................. 109
Adding a Log Source............................................................................................................................... 110
Editing a Log Source ............................................................................................................................... 111
Altering Log Processing Options.................................................................................................................. 112
Basic Options ............................................................................................................................................ 113
Advanced Options................................................................................................................................... 114
Risk Groups ..................................................................................................................................................... 115
Managing Reports........................................................................................................................................... 115
General Display/Output ........................................................................................................................ 115
Graph Display .......................................................................................................................................... 119
Reports/Reports Menu ........................................................................................................................... 120
Rebuilding a v8 Profile Database.................................................................................................................. 127
Section B: Blue Coat v7 Profile Configuration
About the Profile Editor ................................................................................................................................. 129
Configuring Log Data..................................................................................................................................... 130
Log Source(s) ............................................................................................................................................ 130
Log Processing.......................................................................................................................................... 131
Log Filters ................................................................................................................................................. 133
Configuring the Database .............................................................................................................................. 139
Database Options ..................................................................................................................................... 139
Database Tuning ...................................................................................................................................... 141
Database Fields Reference ...................................................................................................................... 142

v

Blue Cloat Reporter Configuration and Management Guide

Configuring DNS Lookup ............................................................................................................................. 142
Configuring Report Attributes...................................................................................................................... 144
General Display/Output ........................................................................................................................ 144
Graph Display .......................................................................................................................................... 147
Reports/Reports Menu ........................................................................................................................... 148
Appendix A: Report Concepts and Reference
Section A: Report Concepts
About the Page View Combiner (v8) ........................................................................................................... 158
About Field Value Normalization ................................................................................................................ 159
About Browse Time Calculations ................................................................................................................. 160
About Date Offset Calculations .................................................................................................................... 160
About Optimizing Log Processing Configurations (v8) ........................................................................... 161
About Access Log Naming Conventions ............................................................................................. 161
About Chronological Ordering.............................................................................................................. 162
About Known Conditions for Efficiency/In-efficiency...................................................................... 163
About Database Purging......................................................................................................................... 163
About Configuration Options................................................................................................................ 164
Section B: v8 Profile and Report Log Field Reference
Report Field/Log Field Names ..................................................................................................................... 165
Main Logs.................................................................................................................................................. 165
CIFS Logs .................................................................................................................................................. 166
Reports/Log Field Matrix.............................................................................................................................. 169
Notes .......................................................................................................................................................... 169
Main Log Field Matrix ............................................................................................................................ 169
CIFS Log Field Matrix ............................................................................................................................. 174
Section C: v8 Profile Default Export File Names
Section D: v7 Log Field Reference—Blue Coat Main Format
Appendix B: v7 Profile Reference
Section A: v7 Database Concepts
Database Overview......................................................................................................................................... 182
Memory, Disk, and Time Usage ................................................................................................................... 182
Building the Database Faster.................................................................................................................. 183
Using Less Memory During Database Builds...................................................................................... 183
Tuning the Database....................................................................................................................................... 184
Section B: Using Log Filters
About Filters .................................................................................................................................................... 190
Hits .................................................................................................................................................................... 190
Log Filter Syntax ............................................................................................................................................. 191
Examples .......................................................................................................................................................... 194

vi

Contents

Appendix C: Configuration File Reference
Section A: About Configuration Files
Creating Configuration Files ......................................................................................................................... 200
Creating and Editing Profile Files ................................................................................................................ 201
Section B: Profile Options
Default log date year ...................................................................................................................................... 203
Log data format ............................................................................................................................................... 203
Log entry pool size.......................................................................................................................................... 203
Log reading block size.................................................................................................................................... 204
Skip processed files on update...................................................................................................................... 204
Log processing threads .................................................................................................................................. 205
Actions email address(es) (v7 and v8) ......................................................................................................... 205
DNS timeout (seconds)................................................................................................................................... 206
Maximum Simultaneous DNS Lookups...................................................................................................... 207
Report email address(es)................................................................................................................................ 207
Report to email (v7 and v8) ........................................................................................................................... 207
Return email address (v7 and v8)................................................................................................................. 208
Secondary DNS Server ................................................................................................................................... 208
SMTP Server Hostname (v7 and v8) ............................................................................................................ 209
Use TCP to Communicate with DNS servers ............................................................................................. 209
Number thousands divider (v7 and v8) ...................................................................................................... 209
Number of seconds between progress pages (v7 and v8)......................................................................... 210
Allow viewers to rebuild/update database ................................................................................................ 210
Cache reports (v7 and v8) .............................................................................................................................. 211
Session timeout (seconds) .............................................................................................................................. 211
Maximum session duration (seconds) ......................................................................................................... 211
First weekday................................................................................................................................................... 212
Marked weekday............................................................................................................................................. 212
Log entry name (v7 and v8)........................................................................................................................... 213
Expand paths greater than this ..................................................................................................................... 213
Section C: Preference Options
Never look up IP numbers using domain nameserver ............................................................................. 214
Only look up IP numbers for log entries ..................................................................................................... 214
Logout URL...................................................................................................................................................... 215
Temporary files lifespan (seconds) (v7 and v8).......................................................................................... 215
Trusted hosts (v7 and v8)............................................................................................................................... 215
Show full operating system details in errors (v7 and v8) ......................................................................... 216
Authentication command line (v7 and v8).................................................................................................. 216
LogAnalysisInfo folder location (v7 and v8) .............................................................................................. 217
Web server port (v7 and v8) .......................................................................................................................... 217
Maximum simultaneous tasks ...................................................................................................................... 217
Maximum CPU usage percent ...................................................................................................................... 218
Web server IP address .................................................................................................................................... 218

vii

Blue Cloat Reporter Configuration and Management Guide

Appendix D: Using Reporter from the Command Line Interface
The Blue Coat Reporter Command Line ..................................................................................................... 219
Overriding Profile Options from the Command Line ............................................................................... 220
Building and Updating Databases from the Command Line................................................................... 220
Command Line Options................................................................................................................................. 221
Section A: Managing the Database
build_database (bd) ........................................................................................................................................ 222
merge_database (md) ..................................................................................................................................... 222
print_database_statistics (pds) ...................................................................................................................... 222
print_items (pi) ................................................................................................................................................ 222
rebuild_cross_reference_tables (rcrt) ........................................................................................................... 222
rebuild_database_hierarchies (rdh).............................................................................................................. 223
rebuild_database_indices (rdi)...................................................................................................................... 223
remove_database_data (rdd)......................................................................................................................... 223
update_database (ud) ..................................................................................................................................... 223
Section B: Getting Profile Information
list_database_fields (ldf) ................................................................................................................................ 224
list_log_fields (llf)............................................................................................................................................ 224
list_profiles (lp)................................................................................................................................................ 224
list_reports (lr) ................................................................................................................................................. 224
Section C: Generating Reports
export_csv_table (ect) ..................................................................................................................................... 225
generate_all_report_files (garf) ..................................................................................................................... 225
generate_report_files (grf) ............................................................................................................................. 225
print_values (pv) ............................................................................................................................................. 226
send_report_by_email (srbe) ......................................................................................................................... 226
Section D: Command Line Debug Output
Section E: Report Filter Syntax
Report Statistics Filters ................................................................................................................................... 228
Cross Referencing and Simultaneous Report Filters ................................................................................. 229
Appendix E: About Upgrading
About Profile Compatibility .......................................................................................................................... 231
v8.2.x to v8.3.x .......................................................................................................................................... 231
v8.1.x to v8.3.x .......................................................................................................................................... 231
v7.x to v8.3.x ............................................................................................................................................. 231
Windows ................................................................................................................................................... 231
Linux .......................................................................................................................................................... 232
Upgrade Options (7.x or 8.1.x to 8.3.x)......................................................................................................... 232
Upgrade Preparation Option A: Running a Script ............................................................................. 232
Upgrade Preparation Option B: Performing Tasks Manually .......................................................... 232

viii

Contents

Appendix F: Copyrights
Index

ix

Blue Cloat Reporter Configuration and Management Guide

x

Chapter 1: Introduction

This chapter introduces you to the Blue Coat® Reporter and provides the document
description and conventions.

Welcome To Blue Coat Reporter
Blue Coat Reporter analyzes Blue Coat SG access log files and presents data using over
150 pre-defined reports.
Reporter generates dynamic reports on demand, and it supports features such as
zooming (or drill-down viewing) and filtering. You can also create and apply
expression and log filters. For example, you can create filters to zoom in on the events
for a particular address on a particular day, or to see requests to a specific content
filtering category. Reporter allows you to navigate naturally and quickly through
hierarchies.
Reporter runs as its own Web server, serving its HTML pages to any Web browser
through HTTP. Reporter is accessed through a Web browser.

About the Document Organization
This document is divided into the following sections and chapters:
Chapter Title

Description

Chapter 1: “Introduction”

This chapter.

Chapter 2: “Installation”

Provides system requirements and instructions for installing
and launching Reporter using either Windows or Linux.

Chapter 3: “Blue Coat Reporter Overview and
Licensing”

Describes the initial Reporter screen and describes how to
enter an Enterprise License.

Chapter 4: "Managing Profiles and User
Accounts"

Describes how to create Reporter profiles and user accounts,
and how to assign reports to profiles.

Chapter 5: "Generating and Managing
Reports"

Describes how to create a profile and a user account, use the
Scheduler, set profile preferences, and generate a report.

Chapter 6: "Configuring Profiles"

Describes how to modify existing profiles and report
appearances; describes how to tune databases.

Appendix A: "Report Concepts and
Reference"

Provides more details about the contents of an HTML report
page; describes concepts relating to Reporter processes;
provides log field and report field references and matrices.

Appendix B: "v7 Profile Reference"

Explains how to create configuration files and apply advanced
log filters to selectively eliminate portions of your log data
from the statistics.

Appendix C: “Configuration File Reference”

Lists the Profile and Preference options.

9

Blue Coat Reporter Configuration and Management Guide

Chapter Title

Description

Appendix D: "Using Reporter from the
Command Line Interface"

Explains how to use the Reporter command-line to manage
databases, create reports, and view profile information. Also
covers a number of run time options.

Appendix E: "Upgrading From Reporter 7.1.x
to 8.2.x"

Describes how to perform initial tasks required before
upgrading.

Appendix F: "Copyrights"

Lists the third party vendors licensed by Blue Coat.

Related Blue Coat Documentation


Blue Coat ProxySG Configuration and Management Suite



Blue Coat ProxySG Content Policy Language Guide

Document Conventions
This document uses the following typeface and screenshot conventions.

Typographical Conventions
The following section lists the typographical and Command Line Interface (CLI) syntax
conventions used in this manual.
Table 1-1.
Conventions

Definition

Italics

The first use of a new or Blue Coat-proprietary term.

Courier font

Command line text that appears on your administrator workstation.

Courier Italics

A command line variable that is to be substituted with a literal name
or value pertaining to the appropriate facet of your network system.

Procedure Conventions
This document employs the use of screenshots (Online Help excluded) to illustrate
procedures and convey example information.


Procedure screenshots—Identified by borders and callouts, these precede numbered
steps or a set of steps. The numbered callouts point to Reporter fields and options
relevant to the given procedure, and correlate with the numbered steps below, which
provide detailed explanations of the options.



Figures—Identified by incremental numbering below them (no borders), figures
provide conceptual information or completed examples of preceding procedures.

10

Chapter 2: Installation

This chapter describes how to install and access Blue Coat Reporter on a Windows or
Linux platform.
Important: Before you install and run Reporter 8.3.x, be aware of the associated
upgrade issues, such as report compatibility. If you are upgrading to Reporter 8.3.x
from Reporter 7.1.x, (Windows only), you must perform an upgrade preparation
procedure, which involves running a script. For upgrade information, see Appendix
D:“About Upgrading” on page 231 or the Blue Coat Reporter 8.3.x Release Notes.

System Requirements
Blue Coat Reporter is a resource-intensive application. Having more disk, CPU, and
memory than the minimum requirements improves the performance.

Hardware Requirements
Refer to the Specifications document located at:
http://www.bluecoat.com/products/reporter.

Software Requirements


Microsoft Windows



Red Hat Linux.

Refer to the Blue Coat Reporter Release Notes for the most current list of supported
software and versions.
Reporter uses its own Web server—an existing Web server is not required on the
computer where it is running.

Browser Support


Mozilla Firefox (the recommended browser)



Internet Explorer® or 6.x or 7.x (IE 7.x recommended)

While other browsers, such as Netscape®, might function properly, they are not
supported by Blue Coat.

Interaction With Anti-Virus Services
Blue Coat Reporter and Anti-virus (AV) scanners running on the same servers causes
problems with folder processing. Blue Coat recommends locating log scanning and AV
scanning services on different servers.
If this is not possible, you can have them co-exist on the same server, but you must
configure the AV scanner to ignore specific Reporter folders. Reporter constantly opens
hundreds of files for exclusive access in its folders and will fail if it cannot obtain an
exclusive lock on a file. Configure the AV scanners to ignore the following folders:


LogAnalysisInfo\Databases (or whereever the database folder resides)

11

Blue Coat Reporter Configuration and Management Guide



LogAnalysisInfo\IPC



LogAnalysisInfo\Locks



LogAnalysisInfo\log_formats



LogAnalysisInfo\Output



LogAnalysisInfo\profiles



LogAnalysisInfo\ReportCache



LogAnalysisInfo\SessionChanges



LogAnalysisInfo\templates



LogAnalysisInfo\TempLogs



LogAnalysisInfo\TemporaryFiles



LogAnalysisInfo\WebServerRoot



LogAnalysisInfo\ (not all subdirectores, rather the root, which would ignore the files in

this directory)

Installation
How you install Reporter depends on the platform: Window or Linux.

Windows Installation
Reporter is a standard Windows installer.
To install Reporter using Windows:
1.

Double-click the Windows installer program to start the installer, and follow the
installation Wizard tasks.

2.

The installation wizard prompts you to respond to a few standard installation
questions, such as acceptance of product terms and installation location. Then the
following dialog displays:

Figure 2-1. Installation question dialog.

Because of substantial design enhances, profiles created before updating to Reporter
8.2.1.0 are not compatible with this version. However, if you have created custom
profiles, this dialog allows you to preserve those configurations to make it easier to
customize 8.3.x profiles.


Click Yes to rename the LogAnalysisInfo folder (appends the current folder with
.old), thus preserving your obsolete profile configuration files. If you click Yes, a
verification dialog appears. Click Yes again.



Click No to instruct Reporter to overwrite the existing LogAnalysisInfo folder with
the new 8.3.x version folder and not retain a copy of the previous folder.

After Reporter is installed, automatically launches a Web browser and connects to
Reporter.

12

Chapter 2: Installation

3.

The first time you launch Reporter, you are prompted to enter (thus creating) an
administrator username and password. (see "Troubleshooting" on page 14 if you have
created them before and forgotten them).

4.

Click Login.

Note: For Windows users: Reporter runs as the SYSTEM user by default, which could
restrict access to network shares or mapped drives. If you cannot access mapped network
drives with Reporter, see "Troubleshooting the Windows Service" on page 14 for
instructions about running Reporter as a different user.

If you encounter other problems, see "Troubleshooting" on page 14.

Linux Installation
Reporter is downloaded as a gzipped tar archive file.
To install Reporter using Linux:
1.

Transfer the gzipped tar archived file to the Linux machine that is to run Reporter.

2.

Open a shell prompt from the Linux command line.

3.

To invoke the gunzip utility and untar the file, enter the following command:
gunzip -c (bcreport.tgz) | tar xf Note: Change (bcreport.tgz) to match the name of the file you downloaded.

4.

When the archive is uncompressed and extracted, run Reporter by changing to the
installation directory and typing the name of the executable file from the command
line:
cd (installation-directory)
Note: You might need to change the filename to match the actual version you

downloaded.
Reporter launches, starting its own Web server on the Linux machine (using port
8987). See "Accessing Blue Coat Reporter Locally or Remotely" below for more
information about running Reporter.

13

Blue Coat Reporter Configuration and Management Guide

Note: To run Reporter in the background, add a single ampersand (&) to the end of

the command line that starts Reporter. This allows you to close the terminal window
without killing Reporter. On some systems, you might also need to add nohup to the
beginning of the command line for this to work properly.
If you experience any installation problems, see "Troubleshooting" on page 14.

Accessing Blue Coat Reporter Locally or Remotely
Now that Reporter is installed, you can access it from the Windows Start menu or by
entering the IP address or DNS name.
To access Reporter through or Linux:
1.

Access Reporter locally by browsing to the local host IP address, which is:
http://127.0.0.1:8987/

2.

(Optional) To access Reporter remotely, browse to the server IP address:
http://server_ip_or_hostname:8987/

where server_ip_or_hostname is the IP address or DNS name of the computer on
which you installed Reporter.
3.

Enter your administrator username and password. (see "Troubleshooting" on page 14
if you have created them before and forgotten them).

Troubleshooting
If Reporter does not start up (for example, if you receive a page back when you enter the
URL or if you receive an error page), attempt the following:


Verify you installed the version of Reporter that matches the computer on which you
are running Reporter (for instance, you cannot run the Linux version of Reporter on
Windows).



Verify you downloaded Reporter in BINARY mode.



In Linux, verify the Reporter program is executable.

If you forget your username or password, you can change them:


Go to the LogAnalysisInfo folder and open the users.cfg file; change the username
and/or password and close the file.



You can also delete the users.cfg file, which deletes all usernames and passwords
from Reporter. When you launch Reporter, you are prompted to create a new
username and password.

Troubleshooting the Windows Service
By default Reporter is installed as a service on Windows. It runs as the local system
account. This account does not have access to network shares. To use network shares, you
must change the service user to one who has permission to access the desired resources.
On some Windows versions, Reporter cannot browse mapped network drive letters. In
this case, directories must be specified using UNC paths. For example:
\\servername\sharename\.

14

Chapter 2: Installation

When run directly from the command line, Reporter displays mapped network drive
letters.
To update the system username/password:
1.

On the PC:
a.

2.

3.

Select Start > Settings > Control Panel.

b.

Double-click Administrative Tools.

c.

Double-click Services or Services and Applications (depending on the OS).

Locate the Reporter service:
a.

Right-click the service and select Stop.

b.

Right-click the service and select Properties.

c.

Select Log On.

d.

Select This Account.

e.

Enter the new username/password for the network. (You can also browse for
the user.)

f.

Click OK.

Right-click the Reporter service and select Restart.

The next time you launch Reporter, you can to access network shares when specifying the
directory using UNC path names.

15

Blue Coat Reporter Configuration and Management Guide

16

Chapter 3: Blue Coat Reporter Overview and Licensing

This chapter describes the main Blue Coat Reporter user interface components.

The Data Profiles/Settings Menu
The Administrative menu appears at the left of the main administrative page.

Figure 3-1. The Data Profiles/Settings menu.

The upper right corner of the header pane displays the logged-in username. As you
navigate other Reporter pages, clicking the Data profiles/settings link next to the
username returns you to this page.
The Administrative menu provides basic administrative functions, as follows.


Data Profiles—From this page, you can create new profiles, delete existing ones,
edit profile configuration information, or view reports for a profile (the Show
Reports link). See "Section A: About Data Profiles and Database Types" on page 22.



Scheduler—From this page, you can create, delete, and edit scheduled tasks. For

example, you can create a task to update all of your databases every night or to
send a report of the previous month by e-mail on the 1st of each month. See
"Section F: Configuring the Reporter Scheduler" on page 97 for more information.


Users—From this page, you can add or remove users and change the options for
each user. For example, you can determine which users have administrative access
and which profiles non-admin users are permitted to view. See "Section E: Creating
User Accounts" on page 50



Roles—From this page, you can create user roles. For example, create a role that
only contains reports that Human Resource personnel are concerned with, then
assign HR users to that role.



Settings—Access to the General, Server, E-mail, and Log Settings pages. From these

pages, configure system wide settings such as language, DNS translation, HTTPS,
SMTP, and memory usage.. See "Section F: Configuring Reporter Preferences" on
page 52


Licensing—From this page, you can add a license or change licensing from
Standard to Enterprise (if you are using a Trial license). See "Adding an Enterprise
License" on page 18.



Version—Displays the current Blue Coat Reporter version and build information.

17

Chapter 3: Blue Coat Reporter Overview and Licensing

Figure 3-2. License paramters.

About Reports and Log Filters
Reporter supports most Blue Coat access log formats, including custom log formats.


For v7 profiles, Reporter also supports sophisticated log filters, which allow you to
selectively eliminate portions of your log data from statistics, or convert values in log
fields.



For v8 profiles, during processing Reporter filters log lines with the following values:


If sc-status equals 407.



If sc-status is from 300 to 400.



If s-action is TCP_AUTH_REDIRECT.

Additionally, Reporter does not include byte counts (sc-byte or cs-byte) if the filter
result is denied.
Important: Do not confuse log filters with filters that appear in reports. Log filters
affect how the log data is processed; report filters affect the display of the database
data. The default Reporter log filters automatically perform the most common filter
operations (such as stripping query parameters). You can add or remove filters as you
fine tune your reports.

Access to Reporter is authenticated. Also, non-admin users can be limited to specific
profiles and not allowed to change Reporter configurations (such as filters). Reports can
also be distributed by creating static HTML files or through e-mail.
Reporter displays numerical information for each entry in the report. Depending on the
log type, this information varies; for example: page views, requests or hits, bytes
uploaded or downloaded, or P2P protocol information.
For more information on Blue Coat access logging, refer to Volume 9: Access Logging in the
Blue Coat SG Appliance Configuration and Management documentation suite.
Before reports can be viewed, you must create a profile and establish access rights.
Proceed to Chapter 4: "Managing Profiles and User Accounts" on page 21.

19

Blue Coat Reporter Configuration and Management Guide

20

Chapter 4: Managing Profiles and User Accounts

This chapter describes how to create and manage Reporter administrative and user
profiles and user accounts, configure security settings, and schedule times for report
generation.
This chapter contains the following sections:


"Section A: About Data Profiles and Database Types" on page 22



"Section B: Creating a v8 Data Profile" on page 26



"Section C: Creating a v7 Database Profile" on page 38



"Section D: Creating Roles (v8)" on page 47



"Section F: Configuring Reporter Preferences" on page 52

21

Blue Coat Reporter Configuration and Management Guide
Section A: About Data Profiles and Database Types

Section A: About Data Profiles and Database Types
This section provides concept information.

What is a Data Profile?
A data profile is comprised of a set of reports that are generated by processing a specified
log file or set of log files. You can create an unlimited number of data profiles (with an
Enterprise license). Given that each data profile can be unique—from the number of
reports that it has to the number and type of log files that it analyzes—you can evaluate
the entire scope of your enterprise Web access information.
Note: Although the number of data profiles is unlimited, use caution when creating
multiple profiles if your log data set is extremely large (dozens of gigabytes). Processing
large logs for multiple profiles or a profile spanning a year can cause system memory
allocation problems. For estimated optimal system guidelines, refer to the Reporter Sizing
Guide, which is available from the Blue Coat Web site.

Only Reporter administrators have the ability to create and edit data profiles and reports.
Administrators have access to all data profiles and log reports. You can also create nonadmin user accounts and associate them with specific roles. For example, you can create an
administrator account for the Human Resources Manager. With admin status, that person
has full access to Reporter to create user accounts for the HR staff. Each HR staff member
is given a non-administrator user account with a role—access only to specific data
profiles—assigned to the account. As non-admins, each HR staff member is able to view,
analyze, and send their assigned reports to other people through e-mail.
After data profiles are created, the Scheduler feature allows you to determine when
reports are generated.

The Default Profile
Reporter is installed with a default profile file called default_profile.cfg. This file is located
in the LogAnalysisInfo folder under the profiles subfolder. You can edit this file to establish
default settings for all future profiles. For example, if you have options that you want to
apply to every profile (such as a custom header or footer or default e-mail settings), you
can include them in all future profiles by editing this file. Blue Coat recommends editing
the default profile only after you understand how profiles function. See "Creating and
Editing Profile Files" on page 201.

About the v8 Data Profiles
The v8 database is designed to work with the SG appliance main log files, including large
dataset logs. It runs faster, uses less disk space and memory, and offers a wider array of
reports; however, it does not allow the use of custom-written filters for processing log
files. A v8 database can also operate in real time by specifying a link to the SG appliance to
receive streaming log updates. In addition to the selectable reports, this type of profile
employs the use of a customizable Dashboard to display various metrics.
The v8 data profiles also allow all objects requested by one Web page to be combined to
represent one page view. To learn more about the Page View Combiner (PVC), see "About
the Page View Combiner (v8)" on page 158.

22

Chapter 4: Managing Profiles and User Accounts

Section A: About Data Profiles and Database Types

Optimal Blue Coat SG Appliance Log Formats
Reporter v8 data profiles are compatible with the SG appliance main log format; however,
to optimize performance and maximize report content, Blue Coat recommends that the SG
appliance use the default Reporter log formats: bcreportermain_v1, bcreporterssl_v1, and
bcreportercifs_v1.
For older versions, you can create custom Reporter formats using the following fields:


For HTTP, FTP, TCP tunnel, and telnet data, use the following fields (the bold field
denote required for PVC):
date time time-taken c-ip cs-username cs-auth-group x-exception-id scfilter-result cs-categories cs(Referer) sc-status s-action cs-method
rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uriquery cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virusid



For HTTPS forward proxy data, use the following fields:
date time time-taken c-ip cs-username cs-auth-group x-exception-id scfilter-result cs-categories sc-status s-action cs-method rs(ContentType) cs-uri-scheme cs-host cs-uri-port cs-uri-extension cs(UserAgent) s-ip sc-bytes cs-bytes x-virus-id x-rs-certificate-observederrors x-rs-connection-negotiated-cipher-strength x-rs-certificatehostname x-rs-certificate-hostname-category



For CIFS data, use the following fields:
date time c-ip c-port r-ip r-port x-cifs-uid x-cifs-tid x-cifs-fid xcifs-method x-cifs-server x-cifs-share x-cifs-path x-cifs-orig-path xcifs-client-bytes-read x-cifs-server-bytes-read x-cifs-bytes-written
x-client-connection-bytes x-server-connection-bytes x-server-adnconnection-bytes x-cifs-client-read-operations x-cifs-client-writeoperations x-cifs-client-other-operations x-cifs-server-operations saction x-cifs-error-code cs-username cs-auth-group s-ip

Note: If you copy and paste these fields, ensure there are no unnatural spaces between
the fields; otherwise, compile errors occur. Copy and paste into Notepad first, then copy
and paste from Notepad into the log format field.

23

Blue Coat Reporter Configuration and Management Guide
Section A: About Data Profiles and Database Types
To create logs that contain the optimal formats:
In the SG appliance Management Console:
1.

Select Configuration > Access Logging > Formats.

2.

Click New.

3.

Create a new main log format for Reporter:

4.

5.

a.

Copy and paste the HTTP, FTP, TCP tunnel, and telnet fields from the first
bullet to create a new log format called bcreportermain.

b.

Change the default format for HTTP, FTP, TCP tunnel, and telnet log formats
to bcreportermain.

c.

Create a new log called bcreportermain that uses the bcreportermain format.

(Optional) For SSL Proxy deployments, create a new log format for Reporter:
a.

Copy and paste the HTTPS forward proxy fields from the second bullet to
create a new log format called bcreporterssl.

b.

Change the default format for HTTPS forward proxy to bcreporterssl.

c.

Create a new log called bcreporterssl using the bcreporterssl format.

Configure the upload client and schedule for each log, as required.
Note: Both formats can be used in the same v8 profile.

Volume 9: Access Logging of the Blue Coat SG appliance Configuration and Management Suite
provides more detailed information and procedures to configure Access Logging options.

Content Filtering Reporting
Blue Coat Reporter makes use of the x-exception-id in log formats. This allows you
when analyzing reports to distinguish between policy denied verdicts based on content
filtering settings versus denies because of other policy settings. How you employ xexception-id depends on your SGOS operating system:
SGOS 4.2.2 and later:
1.

Add the x-exception-id log field to the log format.

2.

Create a content filtering policy.

3.

Do not set the Action to Deny; instead, set it to Content_filtered_denied.

SGOS versions 4.1.1.x and previous:
1.

Add the x-exception-id log field to the log format.

2.

Create a content filtering policy.

3.

For the Action, create a content_filtered_denied Return Exception (VPM: New > Return
Exception > Built-in exception > content_filtered_denied). This inserts the
content_filtered_denied string into the x-exception-id field when content
denials occur.

24

Chapter 4: Managing Profiles and User Accounts

Section A: About Data Profiles and Database Types

About the v7 Profile
For smaller datasets; peer-to-peer (P2P), instant messaging (IM), and streaming media
logs; or Squid or other non-ELFF formats. Allows the use of many custom filtering
options.

Best Practice: Log Forwarding Frequency
While Reporter can process logs of varying sizes that are uploaded at any time, Blue Coat
recommends configuring the SG appliance to send log files to the location Reporter
obtains them from once every hour. Consider disk space, bandwidth, and other factors
when determining log size and upload frequency.

Next Step
Once you determine the database type, you are ready to create a profile. Perform the steps
in one of the following sections:


"Section B: Creating a v8 Data Profile" on page 26.



"Section C: Creating a v7 Database Profile" on page 38.

25

Chapter 4: Managing Profiles and User Accounts

Section B: Creating a v8 Data Profile

5.

On the Log Format dialog, Reporter automatically detects and displays available log
formats. Reporter v8 profiles current support the following fomats:


Blue Coat Original W3C Log Format (ELFF)—For main or SSL data logs.



Blue Coat CIFS Log Format—For CIFS data logs.

If Reporter detects the type of log file in the path specified in Step 4, this Log Format
wizard step is skipped. Proceed to Step 6 now for main log data profiles or Step 7 for
CIFS log data profiles.
Reporter cannot detect the log file type if:


There are currently no log files in the local directory;



If you selected a direct SG appliance link; -or-



The FTP server connection is not current possible.

Select a format and click Next. If you selected the CIFS format, proceed to Step 7.

31

Blue Coat Reporter Configuration and Management Guide
Section C: Creating a v7 Database Profile

5.

On the Log Format dialog, Reporter automatically detects and displays available log
formats. By default, Show autodetected is selected. Only detectable default log formats
are displayed, which always includes the Blue Coat Original W3C Log Format (ELFF).
Note: Only automatically detected log formats are supported. If you want to use a
custom format, but auto-detection fails, select the Blue Coat Custom Log Format
(visible by selecting Show All). If auto-detection fails when using another log format,
this usually indicates a corrupted log file.

Select a format and click Next.
Note: If you are using a Blue Coat custom log format, after you click Next the third

page of the New Profile dialog (Log Format String) displays. Enter the same string on
this screen that you entered when you created the custom format in the SG appliance
Management Console pane, located at Access Logging > Formats > Create Format. For
information about creating a custom log format, refer to the Access Logging chapter
in the Blue Coat SG Configuration and Management Suite: Volume 9: Access Logging.
The remaining numbered pages described below increase by one number when you
select this option.

42

Blue Coat Reporter Configuration and Management Guide
Section C: Creating a v7 Database Profile

Figure 4-3. The new profile appears on the Administrative page.

Next Step:




By default, all profiles are accessible. If you are the sole administrator and user of
Reporter, proceed to:


"Section F: Configuring Reporter Preferences" on page 52—Describes how to
configure profile preferences, including security preferences. -or-



Chapter 5: “Generating and Managing Reports” on page 59—Describes how to
view reports and configure schedules.

To create additional administrator accounts or non-admin user accounts that are
associated with the profile, continue to "Section E: Creating User Accounts" on page
50.

46

Chapter 4: Managing Profiles and User Accounts

Section D: Creating Roles (v8)

5.

(Optional) Restrict Report Data To—This is a simple filter mechanism that allows you
to, for this role, limit report data based on Client IP, Group, or User names. For
example, different Human Resource employees represent different groups in the
enterprise; you can create a role specific to each group. Or you want exclude executive
staff users from the report. This option is not or does not affect the Access to Filter
Page option.

6.

Click Save Changes.

Create multiple roles to cater your enterprise reporting requirments. Then create Reporter
users and assign them to roles, as described in Section E: "Creating User Accounts".

49

Chapter 4: Managing Profiles and User Accounts

Section E: Creating User Accounts

Creating New Administrative Users
To create a new Admin User, perform the procedure in the previous section, but select
Administrative access rights. The available roles disappear, as administrators have access
to all profiles.
The following screen is an example of two additional users created:


HR_VP_Jocelyn: Administrative.



IT_Carl: Non-admin, assigned to role IT_Security.

Figure 4-4. Example: Created users and the profiles they have access to.

Tips for Creating User Accounts


For maximum security, limit the number of user accounts with administrative access
rights. It is possible for a user with admin access to delete the original admin account.
Also, unbridled access to the Reporter server is a security risk.



For management purposes, create as few user accounts as possible.

51

Blue Coat Reporter Configuration and Management Guide

Important: Do not run other applications using the ports configured here on
the same computer Reporter is running on. Furthermore, if accessing Reporter
through a firewall, open both those ports.

c.

(Optional) By default, Reporter connections are sent over HTTP. To
implement secure HTTPS connections, select HTTPS. The HTTPS (secure)
Settings field just below become active.
Note: For Linux only: Reporter uses the OpenSSL package installed on the
host. If a compatible version of OpenSSL is not installed, the HTTPS option is
not available.

Continue to the next step.
3.

If you selected HTTPS in Step 2, the HTTPS certificate fields become active:
a.

b.

Select the certificate option:


Default Certificate: Select this option have Reporter generate a self-signed test
certificate (this is not as secure as the option in the next bullet). Proceed to
Step 4.



Enter Certificate: Select this option to import a proper certificate that has been
signed by a recognized Certificate Authority. Complete Step 3b.

If you selected Enter Certificate in Step 3a, the Server Certificate and Private
Key fields become active. Enter or paste the values, or click Browse and
navigate to their respective files, and add them to the fields.

4.

Click Save Changes. All Admin-authenticated Reporter sessions (including browsers
on other workstations) receive the same dynamic message (after they refresh or
change pages): "Reporter configuration has changed. A restart is required in order for
changes to take effect."

5.

For these configuration changes to occur, the Reporter server must be restarted (not
the Reporter browser). Any admin can browse to the Settings > Server Settings page
and click Restart Reporter, which becomes visible after Save Changes is clicked in
Step 5. Any Admin-authenticated browser can then restart the server. Before clicking
this button, verify Reporter is not processing any logs or reports.

54

Chapter 4: Managing Profiles and User Accounts

6.

After a few seconds, a link appears: Browse to Reporter with new settings. However,
this link does not indicate that the restart is complete. If any logs or reports are active,
or if the database is large, the restart might require several minutes. You can check the
the /LogAnalysisInfo/TaskLog file to determine the server restart status. Upon
verification, it is safe to click the link. The Reporter browser refreshes with the newly
activated configration.

Interactivity Notes


If the browser link is not able to connect to Reporter, check the TaskLog file. The most
common reason is that Reporter is still performing the restart. If HTTPS was just
configured, in rare instances Reporter might not have been able to generate a default
certificate, or use the provided certificate. In this case, Reporter still restarts, but
HTTPS is disabled and Reporter only accepts HTTP requests. If Reporter is not able to
restart with all of the configuration parameters, all Admin-authenticated sessions
display a red warning banner noting the startup failure. Review the TaskLog file for
more detail about the startup failure.



The Default certificate is generated with the IP address of the host running Reporter.
The certificate will no longer be valid if the IP address of the host is changed. For this
reason, the Default certificate and key are deleted when HTTPS is deselected and
Reporter is restarted. A new certificate and key is generated the next time HTTPS is
configured.



When Reporter is configured to use HTTPS, IE 6 produces a recurring security alert
pop-up. The alert is misleading because all data to and from Reporter is encrypted
when Reporter is configured to use HTTPS. IE 6 reports this alert immediately after
Login, and when browsing to various Web pages from the Data Profiles/Settings page,
or when browsing back to the Data Profiles/Settings page. The affected pages are using
data from both Web server ports. Regardless if Yes or No is selected in the pop-up, all
data in the page is displayed. There are no known IE 6 configuration settings which
will disable this pop-up.

Configuring E-mail Server Settings
The E-mail Settings page allows you to configure SMTP server information, if you want
Reporter-sourced e-mails to be routed through your SMTP deployment.
To configure security preferences:

55

Blue Coat Reporter Configuration and Management Guide



Hold buffer size: Reporter cannot process files on a disk or on the network

until they are read into the local memory. As log files come in many sizes,
sometimes it is be able to read an entire log file into memory, but other times
it cannot. The Hold Buffer size allocates local memory for processing log files
and simplifies the complexity of processing variable sized log files. The same
Received Buffer benefits apply here.
b.

Customize the Dataset flush interval options. This feature allows you to view
initial LogProcessor results well before a lengthy log file is processed. This is
especially important for Stream LogReaders because there is no end-of-file
aspect. A maximum dataset size threshold and time interval is provided, from
which a number of smaller check points are computed. While the dataset is
below the threshold size, the LogProcessor flushes the incomplete dataset
using the graduated frequency. After the threshold is exceeded, only the flush
interval determines how often the dataset is flushed. Large datasets require
significantly more time to flush than small datasets. Log processing is
suspended while the dataset is flushed.
Note: Currently, FTP/File LogProcessors do not use the interval.



Log reader FTP/File interval: Not available for this feature.



Log reader stream threshold: The maximum interval allowed before the
current dataset is flushed and made available to reports. Additional
graduated intervals are used while the dataset is less than the threshold.



Log reader stream interval: This value helps to determine the graduated check

points on streaming files. After the threshold is exceeded, only the flush
interval is used. If the value is small, it will quickly be exceeded and ignored.
This may be desirable if your system's disk operation is slow. If the value is
large, it causes the graduated flush frequency to stay in effect longer, at the
expense of increasing flush times as the dataset continues to grow.
3.

Click Save Changes.

Related Information
See "About Optimizing Log Processing Configurations (v8)" on page 161 for conceptual
information and "Altering Log Processing Options" on page 112 for similar configuration
options.

58

Chapter 5: Generating and Managing Reports

This chapter describes how to generate v7 and v8 profile reports, including how to alter
the scope of the report using date and expression filters, and how to schedule a report
generation time.
This chapter contains the following sections:


"Section A: Generating a Data Report Database" on page 60.



"Section B: Blue Coat v8 Data Profile Reports—Dashboards" on page 61.



"Section C: Blue Coat v8 Data Profile Reports" on page 73



"Section D: Blue Coat v7 Profile Reports" on page 83.



"Section E: Saving and Exporting Individual Reports" on page 93.



"Section F: Configuring the Reporter Scheduler" on page 97.

59

Chapter 5: Generating and Managing Reports

Section B: Blue Coat v8 Data Profile Reports—Dashboards

Section B: Blue Coat v8 Data Profile Reports—Dashboards
This section describes the menu and report structure for Reporter v8 data profiles.

About the Main Log Dashboard
When you click a Show Reports link from the Data Profiles page, Reporter displays the
Dashboard, which displays an initial set of individual, interactive panes of categorized
data.
Note: The example in this section demontrates main log files. The Dashboard for CIFS
log data profiles displays different reports that specifically represent file sharing and
server connection data.

Figure 5-1. Upon first access, the Dashboard displays several usage and metric reports.
Note: If the master.myprofiles_template file was removed from the Blue Coat Reporter/
LogAnalysisInfo/wd folder, you receive the following text display:

This dashboard contains no reports. They can be added by using the dropdown box
above. After added, reports can be customized and dragged to different locations within
the dashboard.
To switch to another data profile (if one is available), select one from the Data Profile dropdown list in the header bar.

61

Blue Coat Reporter Configuration and Management Guide
Section B: Blue Coat v8 Data Profile Reports—Dashboards

Figure 5-2. Change Dashboard view to another profile.

About the Log Reader Activity Report
The Log Reader Activity report is a dynamic report that displays log process information.

Processed log
data

Current log
processing data
Figure 5-3. The Log Reader Activity report, with access log reading in process.

As Reporter processes a log file or directory, you can track the status with the progress bar
displayed in the Log Reader section (if you have mutiple readers, they are segmented)
and the bytes processed metrics. Also displayed is the number of files in the queue to be
processed.
The processed log data fields display metrics for log files that Reporter has completed
scanning. If the profile contains a directory with multiple log files, these fields update
each time an individual log file is processed.
During active log processing, the header pane remains red. After the logs are processed,
the pane turns blue.

Figure 5-4. The Log Reader Activity Reports, all files in queue processed.

This pane provides the access log following processing information:

62

Chapter 5: Generating and Managing Reports

Section B: Blue Coat v8 Data Profile Reports—Dashboards
Processed Data:


Files—The total number of log files processed at the last interval.



Log Lines—The total number of log file lines processed at the last interval.



Bytes—The total number of bytes processed at the last interval.



Average performance—The average number of lines processed per second.

Reader Data (might have multiple readers):


Logfile directory—The path to the log file for this profile (as specified in the Profile

Wizard).


Logfile pattern—The suffix of the log file. The default is .log for text files and .log.gz
for compressed files.



Next check—How many more seconds before Reporter checks the source directory to
determine if new logs have been deposited or current logs have been updated or
removed. If new or updated logs are detected, Reporter automatically compiles these
and updates the dashboard with the new data.



Check interval—The configured interval between checks for log file updates. The
default is one minute.
Note: If you view the directory that contains the log file(s) for this profile after
Reporter compiles the database, the suffix .done is added to the file name if you
selected that option during the profile wizard procedure. For example:
corpusers.log.done.

This history link displays all of the logs processed for this profile.

Figure 5-5. History of process log files.
Note: If there is a problem in reading a file, the Reason and Status fields display any digit
other than zero, indicating the unsuccessful processing status.

Viewing the Speedometers
You can edit the Log Reader Activity report to view one or two graphical speedometers that
represent log reader performance, either for a specific log reader or an average of all log
readers.

63

Chapter 5: Generating and Managing Reports

Section B: Blue Coat v8 Data Profile Reports—Dashboards

Figure 5-8. The Stream Reader Activity report.

This pane provides the access log following processing information:
Profile Data:


Streaming Sessions—The total number of access log stream sessions received by

Reporter.


Log Lines—The total number of log file lines during this session.



Bytes—The total number of bytes processed during this session.



Pre-filtered—Combined lines using PVC. (See "About the Page View Combiner (v8)"

on page 158).
Reader Data (might have multiple readers):


Stream IP Address—The SG appliance IP address sending the stream for this reader.



Stream IP Port—The unique port number used for this stream reader connection.



Total Log Lines—How many access log lines have been read.



Currently Connected—The current connection status (Yes/No) of this reader.

Adding Usage Reports
The Dashboard features several pre-set reports that you can add. These reports display
categorized data if the log files associated with this profile contain the relevant log fields.
If the log fields are not present, the report is blank. For a reference of log fields required for
each report, see "CIFS Logs" on page 166 in Appendix A.

More Conceptual Information
To learn more about PVC, see "About the Page View Combiner (v8)" on page 158 in
Appendix A.

67

Blue Coat Reporter Configuration and Management Guide
Section B: Blue Coat v8 Data Profile Reports—Dashboards

About the CIFS Reduction Report
The Dashboard for CIFS log file profiles displays a large speedometer that reflects the
overall latency reduction, by percentage, obtained by employing the CIFS over the
Application Delivery Network (ADN) on the SG appliance.

Figure 5-13. The CIFS reduction report.

72

Blue Coat Reporter Configuration and Management Guide
Section C: Blue Coat v8 Data Profile Reports


Save—If a report attribute is changed on this page, the Save link becomes active. You
can save this customized report. "Using Easy Save" on page 93.



Email—Allows you to e-mail this report to any user (only available to admin users).
"Using Easy E-mail (Admin Only)" on page 106.



Schedule—Allows you to schedule this report to be generated or e-mailed (in PDF or

HTML format) at a specific time or periodic interval (only available to admin users).
See "Using Easy Schedule (Admin only)" on page 105.


Print—Allows you to send this report to a printer.



Regenerate—Regenerates the currently displayed report (not from the cache); use this
if you are caching reports and you know the database recently was updated.



Export—Allows you to export the report to a CSV file, which is readable by Microsoft
Excel, or a PDF file. See Section E: "Saving and Exporting Individual Reports" on page
94.



Rows per page—Allows you to configure how many rows display on this report.



Table Viewing Options—Changes which columns are visible, the sort order, and other

aspects of the report. These changes are for this session only. If you log out of and back
into Reporter, the changes do not remain. To make permanent changes to report
displays, see "Managing Reports" on page 115.

Zooming a Report
The Report page allows you to zoom, or drill-down, a report to view more targeted data.
Depending on the report, you can continue to zoom down multiple levels. For example,
you are viewing the Top Categories report, as demonstrated previously in this section. You
notice a high amount of data for Blocked by Request and click that link.

Reporter reformats the report and displays a list of URLs that were blocked, again sorted
highest to lowest by page views.

Each of these URL links is active, which breaks the data into individual days for that Web
site.
Report zooming functions the same for all reports, but the levels of zoom and data types
vary by report.

80

Chapter 5: Generating and Managing Reports

Section C: Blue Coat v8 Data Profile Reports

Viewing the Report Overview
The report Overview is the high-level, unfiltered, and non-segmented data of the report.
Data is presented for the aggregate totals and average per day (if the log file data spans
more than one day).

Figure 5-14. The Overview Report, showing data for a log that spans seven days.
Note: The Choose Active Filter link allows you to apply an Expression Filter. See

Section C: "Blue Coat v8 Data Profile Reports" on page 73.

Viewing the Full Log Detail Report
The Full Log Detail report displays unfiltered, non-segmented data of the report in a large
table format.

81

Chapter 5: Generating and Managing Reports

Section D: Blue Coat v7 Profile Reports

Section D: Blue Coat v7 Profile Reports
This section describes the report structure for profiles that feature the Blue Coat log
formats for peer-to-peer (P2P), streaming, instant messaging (IM), SQUID formats, and
other custom Extended Log File Formats (ELFF).

About the Overview Page
When you click Show Reports from the Data Profiles page, Reporter builds the database
(depending upon the log file size, this can take a large duration of time). After the
database compiles, Reporter displays statistical information on the Overview page.
The report Overview is the high-level, unfiltered, and non-segmented data of the report.
Data is presented for the aggregate totals and average per day (if the log file data spans
more than one day).

Figure 5-16. The Overview Report, showing data for a log that spans seven days.

Viewing Reports
This section describes the construct of a v7 profile report.

83

Blue Coat Reporter Configuration and Management Guide
Section D: Blue Coat v7 Profile Reports
To view a v7 profile report:

Expandable and
collapsible
reportmenus

1.

Select a report from the expandable/collapsible report menu. This example selects a
report that shows category data based on users by Web browsing category.

84

Blue Coat Reporter Configuration and Management Guide
Section D: Blue Coat v7 Profile Reports

Editing Filters
Access the Filter menu again. Deselect the filter, or edit or remove the filter by clicking the
links. Click Save and Close.

92

Chapter 5: Generating and Managing Reports

Section E: Saving and Exporting Individual Reports

4.

Select an option:


Save—Saves the file to a location you specify (standard Windows browse).



Open—Opens Microsoft Excel with the report in a spreadsheet format. The

spreadsheet can be saved.
This example demonstrates the Open feature on the Most popular categories—Hits report,
with added comments.

Figure 5-18. Customizing an exported report.

95

Chapter 5: Generating and Managing Reports

Section E: Saving and Exporting Individual Reports
Each exported report is given a name by default, based on the report name plus a Report
process number. You can save the report with any name. For a reference of default export
report names, see "Section C: v8 Profile Default Export File Names" on page 176 in
Appendix A.

96

Chapter 5: Generating and Managing Reports

Section F: Configuring the Reporter Scheduler

Note: Blue Coat does not recommend selecting All Reports, as processing all reports

would likely take a extended amount of time. The alternative is to define a filter in
the Extra options field (described below).
2.

Report date fields:

a.

To generate a report inclusive of all days included in the log file, select Show
entire available date range.

b.
3.

To narrow the scope to a specific day, month or year, select Show last, enter a
value, and select the time parameter.

Reports file folder—Specifies the folder in which to dispense the generated report.
Note: If you enter a path (for example, C:\report, the report is generated and placed
in the C:\report folder on the Reporter server, not on the client workstation.

4.

Select one of the following report format options:


Generate PDF files—The report is generated as a Adobe® Acrobat® PDF file and
deposited in the designated Reports file folder. By default, the row limit per file is

ten thousand (10,000). You can change this value. See "General Display/Output"
on page 115.


5.

Generate HTML files—The report is generated as an HTML file and deposited in
the designated Reports file folder. By default, the page limit per file is ten (10). You
can change this value. See "General Display/Output" on page 115.

Specify extra options. Extra options are added to the end of the command line (the
underlying action called by this action). This allows for complex scheduled actions by
overriding the default options. For example:
-f "(cs_username within 'BobKent')"

The report sent is limited to activity by the user BobKent. For a list of available
commands, see Appendix D:“Using Reporter from the Command Line Interface” on
page 219.
6.

Specify the schedule:
a.

Select Now to generate the report (After Save and Close is clicked).
-or-

b.

From the Use Month/Day/Hour/Minute drop-down list, select to rebuild every
10, 20, or 30 minutes. This example specifies to generate the report every 20
minutes.
-or-

c.

Select a month, day, hour, and minutes to specify when the rebuild occurs. If
you select a minute interval from the Use Month/Day/Hour/Minute drop-down
list, that setting takes precedence.

As you customize the time options, the selections appear in the Schedule field.
7.

Click Save and Close. The scheduled task appears on the Scheduler page.

100

Chapter 6: Configuring Data Profiles

From the Configuration menu, you can edit or add new log sources, edit or add log
filters, select database options, edit database tuning, and edit DNS lookup. The profile
configuration features vary dependent upon the type of profile: Blue Coat Extended
Log Format (v8) or Blue Coat Original or Custom Log Format (v7).
This chapter contains the following topics:


"Section A: Blue Coat v8 Data Profile Configuration" on page 108.



"Section B: Blue Coat v7 Profile Configuration" on page 129.

107

Chapter 6: Configuring Data Profiles

Section A: Blue Coat v8 Data Profile Configuration

2a: Local disk

2b: Another SG appliance as a
source

2.

Select a log source type from the drop-down list. This dialog is dynamic; the fields
change depending upon the selection:
a.

Local disk—Add another source from a disk on your system. For detailed
field descriptions.

b.

SG Link—Add an SG appliance as the new source.

c.

FTP—Add an FTP server as the location of the logs to process.

3.

Click Save and Close. The new log source displays on the Log Source(s) page.

4.

Click Restart to activate the changes to the log source.

For detailed information about the log source fields, see "Creating the Data Profile" on
page 26.

Editing a Log Source
This section describes how to edit an existing log source for this data profile.

111

Blue Coat Reporter Configuration and Management Guide
Section A: Blue Coat v8 Data Profile Configuration

Advanced Options
Altering memory allocation affects the efficiency of log processing, but can also alter the
performance of your PC if other applications do not have sufficient memory to perform
tasks.

By default, Windows 32-bit operating systems limit process memory to 2 GB, while others
are typically limited to 3 or 4 GB. Reporter hosts may have even less physical memory.
Log processors parse log file data into individual tables representing the hours recorded
in the log files. Log files with highly variant hour data cause the log processor to create
multiple tables in memory. As these tables comprise a large portion of Reporter memory,
memory starvation might occur under the limitations imposed by the operating system.
The log processing options allow you to balance the interactions between the available
system and process memory, the number of hours as well as the amount of data recorded
in the log files, and the cost of writing and reloading hour tables to and from disk.
Note: Before changing configuration, see "About Optimizing Log Processing
Configurations (v8)" on page 161 for conceptual information.

Table 6-2. Advanced log processing options
Option

Applies To

Description/Values

Max log hours in
memory

Log processing

This value limits the maximum number of hourtables in each LogTable. If abundant memory is
available, increasing this value reduces
unnecessary disk operations when LogProcessors
encounter unordered (see above) log files
containing multiple hours between them. After this
value is reached, the LogProcessor flushes the
oldest hour to disk before adding a new one.

114

Chapter 6: Configuring Data Profiles

Section A: Blue Coat v8 Data Profile Configuration
Table 6-2. Advanced log processing options
Option

Applies To

Description/Values

Min log hours in
memory

Log processing

This value limits the minimum number of hourtables each LogTable can concurrently hold in
memory. When physical memory is inadequate,
decreasing this value might allow successful
processing of larger log files at the expense of
increased disk operations. Conversely, raising the
limit might allow faster log processing. The range is
2 to 100 (hours). Two hours is the minimum
because Reporter must be allowed to hold both
hour-tables involved at a log hour boundary.

Preferred log hours in
memory

Log processing

Although the LogTable might grow to the
maximum log hour limit when necessary, it
typically only needs to hold a small number of
active hour-tables. This value helps keep the
LogTable at its most efficient memory size. Range:
this value cannot be lower than the Min log hours
in memory setting, nor greater than the Max log
hours in memory setting. Experiment with values
to achieve optimal system performance.

Min log hour time to
keep in memory

Log processing

As LogProcessors encounter sequential log hour
data, the past hours eventually become inactive
and unnecessary to keep in memory. This value
determines when past hours are flushed from
memory to help keep the LogTable at its most
efficient size. The range is 10 to 300 (seconds). The
higher the range, the more memory is required.

Risk Groups
The Risk Groups/Category page is a reference for the category field values that Reporter
tracks in its database. These categories are customizeable. You can add categories to or
remove categories from risk groups.
For a category/report reference, see Appendix A, "Section B: v8 Profile and Report Log
Field Reference" on page 165.

Managing Reports
This section describes the General Display/Output, Graph Display, and Reports pages.

General Display/Output
This page allows you to configure report display and output options, such as whether
page links display, table item or session path text lengths, and a user agent for e-mail or
report files.

115

Blue Coat Reporter Configuration and Management Guide
Section A: Blue Coat v8 Data Profile Configuration

Figure 6-1. The Edit Graph Display dialog.

3.

The four tabs allow you to edit various graph display options for the different types of
graphs. Edit options as required.



Graph Colors—Select color schemes for each graph type.
Chronological Graphs—Configure chronological graph and chart component

sizes.

4.



Graphs—Configure graph and chart component sizes.



Graph Legend—Configure legend text parameters.

Click Save and Close. The new settings appear on the Graph Display page.

Reports/Reports Menu
This section describes how to create a custom report and enter new a report menu name.
Note: The Reports/Reports Menu options are visible if an Enterprise License has been
entered. See "Adding an Enterprise License" on page 18.

The Reports/Reports Menu page allows you to:


Create a new report.



Edit an existing report.



Edit the Reports menu.

Creating a New Report
This section describes how to create a new report and configure its menu attributes.

120

Blue Coat Reporter Configuration and Management Guide
Section A: Blue Coat v8 Data Profile Configuration
Selected items appear on the Reports menu. The items in bold are main options, and
the items below them are the suboptions.
3.

Select to display either dynamic reports or static reports.

4.

Existing menu items:

5.

6.



To remove an item from the Report menu, deselect it. This does not delete the
report item, only deactivates it.



To edit a menu name or move it to another group, click Edit. In the dialog,
rename/change as required.



To permanently remove a menu item from this profile, click Delete. Deleting a main
option also deletes all suboptions.

To create a new menu group:
a.

Click New Menu Group.

b.

Select to create a new group or add to an existing group as a sub-group (select
from the drop-down list).

c.

Name the menu group and click OK.

To create a new menu item:
a.

Click New Menu.

126

Chapter 6: Configuring Data Profiles

Section A: Blue Coat v8 Data Profile Configuration

b.

Either select Add as single menu to create a single menu item or select Add to
menu group and select a group to add this item to from the drop-down list.

c.

Name the menu item.

d. From the Link to report drop-down list, select a report that is associated with
this menu item.
e.
7.

Click OK.

To sort the menu items (arrange how they appear in the Reports menu):
a.

Click Sort Menus.

b.

To sort main menu items, select Sort root; to rearrange sub-menu items within
a main item, select Sort menu group and select a group.

c.

Click Up or Down to move sort the menu items or groups.

d. Click OK.
8.

Click Save and Close.

The next time you navigate to the Reports page, the changed menu structure is visible.

Rebuilding a v8 Profile Database
If you configured the profile to annotate the processed log files with .done, rebuilding a
database for a v8 profile is a manual process.

127

Blue Coat Reporter Configuration and Management Guide
Section A: Blue Coat v8 Data Profile Configuration
To rebuild a v8 profile database:
1.

2.

From the Management Console > Profile page, delete the profile associated with the
database (this deletes the database). The deletion process might require substantial
time, depending on the size. Any attempts to re-create the profile before the database
is finishes the deletion process fail.
Perform one of the following:
a.

Windows: Browse to processed log directory and enter the following
command:
# rename *.done *.

b.
3.

Linux: In the Blue Coat Reporter > Extras folder, there is a script named
# reset.done. Run this script.

Recreate the profile and select the log file(s) to process.

128

Chapter 6: Configuring Data Profiles

Section B: Blue Coat v7 Profile Configuration

Log Filters
Log Filters perform translations, conversions, or selective inclusion (filter out) operations.
Important: Do not confuse Log Filters with the filters that appear in reports. Log
Filters affect how the log data is processed, and Report Filters affect what report data is
displayed.

For example, employ a Log Filter to reject (exclude) all log entries from a particular IP, or
all log entries during a particular time. Also, Log Filters can convert usernames to full
names, or simplify a field (for example, chop off the end of a URL, which might be
necessary to analyze a large proxy dataset efficiently).
Log Filters are also used for some log formats (including Web log formats) to differentiate
hits from page views based on file extensions or MIME type. For example, GIF files are
considered hits, not page views; therefore, the default filters for GIF hits set the hit field to
1 and the page view field to 0. The same method can be used for any profile to perform
any kind of categorization (for example, external versus internal hits for a Web log).
Reporter provides a user interface for implementing common log filter functions. An
advanced configuration language syntax is also available that provides full programming
language flexibility, including the use of if/then/else clauses, and/or/not expressions,
loops, and more.
See Appendix C: “Configuration File Reference” on page 199 for more information about
log filters.

Log Filters Tips
Reject all log entry types in which you are not interested. For example:


Authentication prompts—reject 407s.



If you are not interested in bandwidth calculations and only require to track where
users went, rejecting non-page views significantly increases Reporter performance.

Enabling a default Log Filter
Reporter features a default Log Filter of each type. Some Log Filters are enabled by default
(depending on the access log data); enabled Log Filters are identified by check marks. The
Log Filters are displayed in the order Reporter checks for criteria.
Enable other Log Filters, as required.

133

Blue Coat Reporter Configuration and Management Guide
Section B: Blue Coat v7 Profile Configuration
4. In the Value field, enter a value for the condition.
5. Click OK.
6. Click New Action.
7. From the Action drop-down list, select the action to take if the

specified condition matches. When you select an action, other fields
might display that require further information. Select and fill-in
options as required.
8. Click OK.
9. (Optional) To add an action to be taken if the condition is not met,
select Add optional action to be taken if condition is not met; from the
New Action drop-down list, select the additional action.

The following example is a Log Filter to not log entries from client IP address
10.1.1.1, but accept all other entries.

Figure 6-4. Log Filter example—action with matching criteria.

Click Save and Close; proceed to Step 5.
b.

Performance action only—Perform a specified action; no matching criteria
required. If you select this option, you must create at least one action (if you
create more than one action, you can sort the actions):
1. Click New Action.
2. From the Action drop-down list, select the action. When you select

an action, other fields might display that require further
information. Select and fill-in options as required
3. Click OK.

136

Chapter 6: Configuring Data Profiles

Section B: Blue Coat v7 Profile Configuration
4. Click New Action again to add more actions. If you have more than one
action, click Sort Actions to sort the actions, if necessary.

The following example is a Log Filter with multiple actions.

Figure 6-5. Log Filter example—multiple actions.

Click Save and Close; proceed to Step 5.
c.

Advanced expression syntax—Use this option to add your own filter
expressions. A list of valid log fields is displayed.
Important:

Advanced expression filters must end in a semicolon to be valid.

137

Blue Coat Reporter Configuration and Management Guide
Section B: Blue Coat v7 Profile Configuration

Figure 6-6. Log Filter example—advanced expression syntax.

5.

The Sort Filter tab allows you to rearrange the position of the filter in the filter list. For
example, place a deny filter at or near the top so that time is not wasted filtering
something that will ultimately be rejected.

6.

The Comment tab allows you to enter a text description of the custom Log Filter. Refer
to default Log Filters for example text.

7.

After the information on all three tabs is defined, click Save and Close. The filter is
displayed in the Log Filters page and is active. If you used the Sort Filter feature, the
newly created Log Filter appears in the proper place in the order Reporter scans the
enabled Log Filters for matching criteria.

138

Chapter 6: Configuring Data Profiles

Section B: Blue Coat v7 Profile Configuration

Figure 6-7. Log Filters—The new Log Filter appears as sorted.

After a filter is created, it remains associated with this profile. You can apply or remove a
filter from the report display, but you cannot select or apply this filter from another
profile.

Configuring the Database
This section describes the Database Options, Database Tuning, and Database Fields screens.

Database Options
The Database Options page allows you to specify where the database is stored, how often
the database is updated, whether the database is locked when in use, and whether you are
prompted before a database is erased.

139

Blue Coat Reporter Configuration and Management Guide
Section B: Blue Coat v7 Profile Configuration

Figure 6-8. The Edit Graph Display dialog.

3.

The four tabs allow you to edit various graph display options for the different types of
graphs. Edit options as required.



Graph Colors—Select color schemes for each graph type.
Chronological Graphs—Configure chronological graph and chart component

sizes.

4.



Graphs—Configure graph and chart component sizes.



Graph Legend—Configure legend text parameters.

Click Save and Close. The new settings appear on the Graph Display page.

Reports/Reports Menu
Note: The Reports/Reports Menu options are visible if an Enterprise License has been
entered. See "Adding an Enterprise License" on page 18.

The Reports/Reports Menu page allows you to:


Create a new report.



Edit an existing report.



Edit the Reports menu.

Creating a New Report
This section describes how to create a new report and configure its menu attributes.

148

Blue Coat Reporter Configuration and Management Guide
Section B: Blue Coat v7 Profile Configuration

5.

6.



To remove an item from the Report menu, deselect it. This does not delete the
report item, only deactivates it.



To edit a menu name or move it to another group, click Edit. In the dialog,
rename/change as required.



To permanently remove a menu item from this profile, click Delete. Deleting a main
option also deletes all suboptions.

To create a new menu group:
a.

Click New Menu Group.

b.

Select to create a new group or add to an existing group as a sub-group (select
from the drop-down list).

c.

Name the menu group and click OK.

To create a new menu item:
a.

Click New Menu.

b.

Either select Add as single menu to create a single menu item or select Add to
menu group and select a group to add this item to from the drop-down list.

c.

Name the menu item.

d. From the Link to report drop-down list, select a report that is associated with
this menu item.
e.
7.

Click OK.

To sort the menu items (arrange how they appear in the Reports menu):
a.

Click Sort Menus.

154

Chapter 6: Configuring Data Profiles

Section B: Blue Coat v7 Profile Configuration

b.

To sort main menu items, select Sort root; to rearrange sub-menu items within
a main item, select Sort menu group and select a group.

c.

Click Up or Down to move sort the menu items or groups.

d. Click OK.
8.

Click Save and Close. The next time you navigate to the Reports page, the changed
menu structure is visible.

155

Blue Coat Reporter Configuration and Management Guide
Section B: Blue Coat v7 Profile Configuration

156

Appendix A: Report Concepts and Reference

This appendix describes various concepts about reports aimed to help you further
understand the reporting process and provides a reference to the Blue Coat v7 and v8
report architecture.
This Appendix contains the following sections:


"Section A: Report Concepts" on page 158.



"Section B: v8 Profile and Report Log Field Reference" on page 165.



"Section C: v8 Profile Default Export File Names" on page 176.



"Section D: v7 Log Field Reference—Blue Coat Main Format" on page 179.

157

Blue Coat Reporter Configuration and Management Guide
Section A: Report Concepts

Section A: Report Concepts
This section provides deeper background information regarding Blue Coat Reporter
processes.

About the Page View Combiner (v8)
This section applies to Reporter v8 profiles.
The Page View Combiner (PVC) is called during Blue Coat Reporter v8 log processing.
The PVC combines multiple HTTP requests that are associated with a single Web page
into a single log line. When a user browses to a Web page, most often that page triggers
requests for more content, either from the same Web server or another server (for
example, a media server that stores video or image content). Rather than regard each of
these as separate requests, the PVC combines all of the related page requests into one.

158

Appendix A: Report Concepts and Reference

Section A: Report Concepts
The goals of the PVC are to:


Reduce the number of database entries from the original log file, which improves
report generation performance.



More closely represent user browsing activity reports, as each object (requested by the
first page from content servers) is not counted as a separate entry.

It is possible that Web objects normally combined to represent one page view might be
split into two page views. This occurs when, as a result of internal SG processing, the
profile log readers are halted or restarted.
If this occurs, no data is lost, but the profile database contains two page views. Continuing
with the example in the previous illustration:
8:40:20 cnn.com/html
8:40:20 i.cnn.com/ads/sponsor1.gif
[------end of log file------------]
[----beginning of new log file----]
8:40:21 cnn.com/news/story1.html
8:40:21 cnn.com/news/video1.asf

The first two entries are shown as one page view; the second two as another. However,
they represent a single page view requested by a user.
Requirements
The PVC requires the following fields in the logs:


cs-referer



sc-status



rs(Content-Type)

The Blue Coat-recommended log formats (see "Optimal Blue Coat SG Appliance Log
Formats" on page 23) contain these fields.
If these log fields are not present, no page-view combining occurs, and report data
represents separately every object requested.

About Field Value Normalization
By default when processing logs, Reporter normalizes the username and domain field
values in log files to lowercase. This occurs because differences in case in these fields
would affect the page view combining process (PVC) used by Reporter to combine
multiple log lines from a single page view (see "About the Page View Combiner (v8)" on
page 158).
Note: The auth-group field is also normalized, but this field is irrelevent to the PVC.

You can configure Reporter to not normalize these fields to lower case. However, you
must do this before any log data is processed for a profile. When a new profile is created
and there are unprocessed log files in the specified location, Reporter immediately begins
processing these log files. To prevent username and domain normalization, the profile
must be customized when there are no log files in the specified log source location.
To disable normalization on a database field:
1.

Open the file called profile_name.cfg, which is located in the LogAnalysisInfo\profiles
folder.

159

Blue Coat Reporter Configuration and Management Guide
Section A: Report Concepts
2.

Search in this file for the string: case_insensitive = "true". By default, it is located
under the database field definitions for both cs_host and cs_username.

3.

Either delete this line or changing it to case_insensitive = "false" to disable
normalization for that field.

4.

Save and close the file. Add log files to the target folder to begin processing.
Note: You can enable on normalization for other fields, such as cs_auth_group.
Add the line case_insensitive = "true" to the definition section for that database
field.

About Browse Time Calculations
This section describes how Reporter approximates how long a user was browsing.
Before discussing the current method, this is how Reporter 8.1 determined take taken. The
browse time value was in all reports except the Users > Sessions > Daily Session Details
report. For the sessions report, the calculated browse time was an estimation of time spent
in browsing sessions. A session is defined by a start time (the time at which a user initiates
activity (first request)) and an end time (the time at which the user is inactive for seven
continuous minutes). The seven minutes was a value determined by Blue Coat and coded
in Reporter.
Beginning with Reporter 8.2.x, only the session browse time is used for calculation;
however, the seven minute inactivity window is not tracked anymore. The PVC provides
a more accurate of user browse activity, but browse time is found in several reports in
version 8.2.
Additional Notes


One component of a unique session is the user-agents; therefore, if one system is using
two different browsers types (for example, Internet Explorer and Firefox), those are
counted as two different sessions.



If one browser is employing tab browsing (more than one tab open in the same Web
browser window, all tabs constitute one session.



If a user is logged into more than two systems and using authenticated credentials on
both systems:


If the report is based on user names, the sessions are combined.



If the report is based on IP addresses, the sessions are processed as different.

About Date Offset Calculations
Reporter v7 profiles have a value called date_offset that can be set to shift the times in
log file entries by a given number of hours. For example, if you are GMT+7 hours, and
your logs are in UTC, you can set a date_offset of 7 and your logs are converted to local
time when the database is built.
Reporter v8 profiles do not check the date_offset value, as v8 logs are assumed to be in
GMT and date/time values are converted to local time for reports. If you set a date filter, it
is calculated in local time. For example, if you want to see entries from March 1, the hour
boundaries for the day (00:00:00 - 23:59:59) are calculated in local time.

160

Appendix A: Report Concepts and Reference

Section A: Report Concepts

About Optimizing Log Processing Configurations (v8)
This section describes some conditions that affect log processing efficiency.

About Access Log Naming Conventions
This section provides suggestions for Blue Coat SG appliance access log naming
conventions, especially for deployments that require processing a large number of log
files over a longer duration of time.
For optimal Reporter performance, configure your access logs to use the following
filename format:
xxxxxxxxxxxxxxxNddddddddddd.log.gz

where:


x represents any valid character that can be used in naming a log file (letters,
digits, underscore, dash) .



N represents a non-decimal-digit character .



d represents a decimal digit. This number, preceding the log file extension,
determines the order in which the log files are processed. The log file ordering is
performed identically for both local disk and FTP log sources. The value of the
number must be positive and fit within a 32-bit integer. This basically means that
the number must have no more than eleven decimal digits and be less than or
equal to 2147483647. If the number is interpretable as a larger value, the result that
is left in a 32-bit signed integer can give rise to odd results and the proper ordering
is not assured.



.log.gz is the extension of the (compressed) log file.

DECIMAL DIGIT NOTES
The decimal digit number is the key part of the format.


If this number does not provide a complete ordering on the set of log files, then the log
processing speed suffers because of internal log table thrashing.



A filename format of MMDDhhmmss is inadequate because the files process
chronologically, except at year-end when they temporarily process out-of-order
because of the December (MM = 12) rollover into January (MM = 01) where January files
sort before December.



A filename format of hhmmss is more problematic because log files are processed outof-order whenever one day rolls into the next.



Given these constraints, to ensure the most efficient log file ordering, format this
eleven-digit number as: YYJJJhhmmss, where:


YY = two-digit year (00 – 99)



JJJ = three-digit julian day of the year (001 – 366)



hh = two-digit hour of the day (00 – 23)



mm = two-digit minute of the hour (00 – 59)



ss = two-digit second of the minute (00 – 59)

Using this format allows Reporter to properly order log files through the year 2021.

161

Blue Coat Reporter Configuration and Management Guide
Section A: Report Concepts


The default filename format used for log files on the SG appliance has the following
text and specifiers: SG_%f_%c_%l%m%d%H%M%S.log.gz.


%f = log name (facility)



%c = name of the external certificate used for encryption, if any



%l = the fourth parameter of the SG appliance IP address (101.102.103.104)



%m = two-digit month (01 – 12)



%d = two-digit day (01 – 31)



%H = two-digit hour (00 – 23)



%M = two-digit minute (00 – 59)



%S = two-digit second (00 – 59)



.log.gz = extension

The suggested filename format for log files on the SG appliance slightly alters the
default and has the following text and specifiers:
SG_%f_%c_%l%m%d_%y%j%H%M%S.log.gz.


%y = two-digit year, without century (00 – 99)



%j = three-digit julian day within year (001 – 366)

The value of this naming convention for log files is very evident when processing
large numbers of log files (spanning multiple days and months) occurs. The value is
less evident when log file generation and processing occurs regularly (daily or more
frequently) so that out-of-order files occur infrequently. However, when re-processing
large sets of log files, the naming convention is essential.

About Chronological Ordering
Each profile creates and manages its own memory resident LogTable. Each LogTable is
comprised of hour-tables containing data for each hour the profile's LogProcessors spend
reading log files. These tables constitute some of the most active memory in Reporter, and
therefore have a significant impact on overall log processing performance. If all log files
were processed in chronological order, there would never be more than one hour-table
necessary in memory. It is common for LogProcessors to encounter batches of log files
spanning multiple hours between them. If they are processed out of chronological order,
performance significantly improves by allowing the number of hour-tables to grow,
provided there is sufficient process memory. Conversely, during low memory conditions,
reducing the number of hour-tables prevents unnecessary memory starvation and
subsequent disk operations (swapping files in and out of memory).
In Reporter 8.2.2, additional logic was added to the LogProcessors to help process log data
in a more chronological order. The LogProcessors order log files based on a numeric field
in the filename, when it is present. The field is part of the filename format described in the
SG Appliance Configuration and Management Guide (see “Configuring the Upload Client”).
The default filenames created by the SG appliance contain a Month/Day/Hour/Minute/
Second timestamp immediately preceding the .log or .log.gz suffix; for example:
SG_Main_HQ-1_1102081500.log.gz. If the filename ends with .log or .log.gz, the
LogProcessor parses it for any purely numeric sequence immediately preceding the
required suffix. If one is found, it is then used to sequentially order that batch of log files.

162

Appendix A: Report Concepts and Reference

Section A: Report Concepts
You can significantly improve LogProcessor performance by naming the log files with any
ordered numeric values that comply with this format. For example:
anyfilenameprefix123.log or some-other-prefix-84757.log.gz.

About Known Conditions for Efficiency/In-efficiency
The many variables involved in processing log files prevents the ability to present a clear
set of recommended profile configuration settings. Some of these variables include:


64 bit versus 32 bit operation systems.



Variant log file sizes, small to extremely large (dozes of gigabytes).



Available memory for Reporter resources.

In addition to the your knowledge of your systems and the system guidelines in the Blue
Coat Reporter Sizing Guide (available from the Blue Coat Web site), understanding the
following conditions that both aid and hinder Reporter log processing functionality can
help you modify profile configuration options to optimize efficiency.
Known Conditions for Efficient Processing


Allocating as much host resources to Reporter as possible.



Retaining as much active data in memory as is physically possible.



Processing external data in large chunks or smaller chunks, depending on a myriad of
variables.

Known Conditions for In-efficient Processing


Having insufficient memory to retain all of the active data.



Consuming extra time to write processed data and inactive data from memory to disk.



Inactive data or other applications are consuming too much memory.



Reporter runs slow because it forces the system to constantly read and write because
there is not enough data in memory or there is too much data in memory.



Reporter runs well, but other errors occur:


Data is not available for report generation because it has not been written to disk
yet.



Reporter crashes because the dataset is too large.



Other applications suffer from Reporter’s resource use.

About Database Purging
Each profile maintains its own database. Most of the database is kept in memory. If the
entire database is not occasionally purged, it would continue to consume more of the
process memory as new log files are processed. As the database grows, profile
configuration settings that were previously beneficial might now become detrimental. As
a general guideline, Blue Coat recommends databases contain a maximum of 30 days of
log data. However, the amount of log data is just as, if not more, relevant than the number
of days in the data sets.

163

Blue Coat Reporter Configuration and Management Guide
Section A: Report Concepts

About Configuration Options
The profile configurations in "Configuring Log Settings (v8)" on page 56 and "Altering
Log Processing Options" on page 112 allow you to specify various memory allocation and
database action options to attempt to balance these opposing requirements. The default
values of these options were determined by Blue Coat through moderate internal testing.
Increasing some LogTable and buffer sizes might be beneficial if there is process memory
available and the buffers are always being filled to capacity. However, many of thresholds
are constantly changing from moment to moment. Even breaching just over a threshold
can also cause significant degradation. Also, reading data from external locations in small
segments is generally slower than reading large segments. Conversely, creating large
buffers might be affect performance because they take too much time to read in or write
out all at once.

164

Appendix A: Report Concepts and Reference

Section B: v8 Profile and Report Log Field Reference

Section B: v8 Profile and Report Log Field Reference
This section lists each report, organized by category, and lists the SG access log fields
required to populate each particular report.

Report Field/Log Field Names
This section provides a reference table that lists the report field to log field association.
Report fields are what comprise various reports, based on the information contained in
the access log. The contents of an access log are determined by the log field names (which
determine what data types are captured during the SG appliance logging process). Some
log field names correlate to absolute data (such as URLs), others derive information access
log variables (such as browsing duration).

Main Logs
In the following table, italicized report field name text indicates the derived data.
Report Field Name

Log Field Name

cs(Referer)

cs(Referer)

browse_time

Calculated at run-time from user session and stored as database field.

c-ip

c-ip

cs_auth_group

cs_auth_group

cs_bytes

cs_bytes

cs_host

cs-host

cs-method

cs-method

cs_uri_extension

cs-uri-extension

cs_uri_path

cs-uri-path

cs_url_query

cs-url-query

cs_url_scheme

cs-url-scheme

cs_user_agent

cs(User-Agent)

cs_username

cs-username

date

date

date_time

date + time

day_of_week

Derived from date.

165

Blue Coat Reporter Configuration and Management Guide
Section B: v8 Profile and Report Log Field Reference
Report Field Name

Log Field Name

hits

Calculated from page_views + all related log entries.

hour_of_day

Derived from time.

month

Derived from date.

requests (same as page
views or hits)

Calculated during database generation and stored as database field.

risk_group

Dependent on sc-filter-category.

rs_content_type

rs(Content-Type)

s_action

s-action

sc_bytes

sc_bytes

sc_filter_category

cs-categories (or cs-category or sc-filter-category)

sc_filter_result

sc-filter-result

sc_status

sc-status

session_number

Calculated during report generation.

time

time

time_taken

time-taken

total_bytes

cs_bytes + sc_bytes

url

Combined from (uri-scheme://cs-host/cs-url-path [csurl-query]).

week

Derived from date.

x_virus_id

x-virus-id

year

Derived from date.

CIFS Logs
Report Field Name

Log Field Name

cifs_reserve

x-cifs-path

year

date

month

date

166

Appendix A: Report Concepts and Reference

Section B: v8 Profile and Report Log Field Reference
Report Field Name

Log Field Name

week

date

hour

date

day_of_week

date

hour_of_day

date

cifs_count

calculated field

cifs_duration

calculated from date

cifs_file_size_
open

calculated from date and file size

cifs_file_size_
close

calculated from date and file size

cifs_bw_gain_total

x-client-connection-bytes

cifs_bw_gain_data

x-cifs-client-bytes-read

cifs_bw_gain_data_
bytes

x-cifs-client-bytes-read

cifs_client_bytes_
data

x-cifs-client-bytes-read

cifs_cache_bytes

x-cifs-client-bytes-read

cifs_cache_hits

x-cifs-client-bytes-read

cifs_client_
operations

x-cifs-client-read-operations

cifs_open_
operations

x-cifs-method

cifs_read_
operations

x-cifs-client-read-operations

cifs_write_
operations

x-cifs-client-write-operations

cifs_other_
operations

x-cifs-client-other-operations

cifs_server_
operations

x-cifs-server-operations

167

Blue Coat Reporter Configuration and Management Guide
Section B: v8 Profile and Report Log Field Reference
Report Field Name

Log Field Name

cifs_client_bytes_
total

x-client-connection-bytes

cifs_client_bytes_
read

x-cifs-client-bytes-read

cifs_client_bytes_
written

x-cifs-bytes-written

cifs_server_bytes_
uncomp

x-server-connection-bytes

cifs_server_bytes_
total

x-server-adn-connection-bytes

cifs_server_bytes_
data

x-cifs-server-bytes-read

cifs_file_size

x-cifs-file-size

total_bytes

cs_bytes + sc_bytes

date_time

date

time

date

cifs_error_code

x-cifs-error-code

cifs_user_id

x-cifs-uid

cifs_share_id

x-cifs-tid

cifs_resource_id

x-cifs-fid

c_ip

c-ip

c_ip_port

c-ip and c-port

r_ip

r-ip and r-port

r_ip_port

r-port

cifs_server

x-cifs-server

cifs_share

x-cifs-share

cifs_path

x-cifs-path

s_ip

s-ip

168

Appendix A: Report Concepts and Reference

Section B: v8 Profile and Report Log Field Reference
Report Field Name

Log Field Name

cifs_resource_type

x-cifs-file-type

cifs_action

s-action

cifs_method

x-cifs-method

Reports/Log Field Matrix
This section provides a table that lists which log fields are required to populate each
report. Use this reference to customize your SG appliance access logs to generate the type
of reports required for your enterprise.

Notes


Any report that uses cs_username can use either cs_username or c_ip, depending on
what was selected during the profile creation. The only exception is the spyware infected
clients, which must have c-ip.



To calculate date and time, v8 profiles can employ different date and time log fields.
Log field

Output

date + time

YYYY-MM-DD + HH:MM:SS (GMT/UTC)

gmttime

DD/MM/YYYY:hh:mm:ss GMT

localtime

DD/MMM/YYYY:hh:mm:ss +nnnn

timestamp

seconds since epoch in utc/gmt

x-timestamp-unix-utc

seconds since epoch in utc/gmt

x-timestamp-unix

seconds since epoch in local time

Main Log Field Matrix
These reports are URL-centric; they display reports that reflect browsing activity.
Category

Report
Overview

Required Fields
time_taken, sc_bytes_cs_bytes

169

Blue Coat Reporter Configuration and Management Guide
Section B: v8 Profile and Report Log Field Reference

Traffic

Log Detail

c-ip, cs-auth-group, cs-bytes, cshost, cs-uri-path, cs-uri-query,
cs(User-Agent), cs-username, date, saction, s-bytes, cs-categories, scstatus, time, time-taken, cs-urischeme, cs-uri-port, x-rscertificate-observed-errors, x-rscertificate-hostname, x-rscertificate-hostname-category, x-rsconnection-negotiated-cipher-strength

Days

date, cs-bytes, sc-bytes, time, timetaken

Days of week

date, cs-bytes, sc-bytes, time, timetaken

Hours of day

time, cs-bytes, sc-bytes, time-taken

Years/months/days

date, cs-bytes, sc-bytes, time, timetaken

ICAP virus IDs

cs-bytes, sc_bytes, time-taken, xvirus-id

ICAP virus URL detail

cs-bytes, cs-uri-path, cs-uri-query,
cs-uri-scheme, sc_bytes, time-taken,
x-virus-id

ICAP virus user detail

{c-ip -or- cs-username}, cs-bytes,
sc_bytes, time-taken, x-virus-id

Blocked suspected spyware

cs-bytes, cs-uri-path, cs-host, csuri-query, cs-uri-scheme, sc_bytes,
sc-filter-result, time-taken

Spyware infected clients

c-ip, cs-bytes, cs-host, sc-bytes,
sc-filter-category, time-taken

Spyware traffic

cs-bytes, cs-host, sc-bytes, scfilter-category, time-taken

Certificate errors

x-rs-certificate-observed-errors, xrs-certificate-hostname, sc-bytes,
cs-uri-port

Cipher strength

{cs-username -or- c-ip}, cs(UserAgent), x-rs-certificate-hostname, xrs-connection-negotiated-cipherstrength, sc-bytes, cs-uri-port

Port 443 disposition

{cs-username -or- c-ip}, cs(UserAgent), s-action, x-rs-certificatehostname, sc-bytes, cs-uri-port

Certificate hostname category

{cs-username -or- c-ip}, s-action, xrs-certificate-hostname, sc-bytes,
cs-uri-port

Security
Anti-virus

Spyware

SSL

170

Appendix A: Report Concepts and Reference

Section B: v8 Profile and Report Log Field Reference
Activity Summary
Daily
Summary

Most
active

Most
blocked

Top daily users

date, {cs-username -or- c-ip}, csbytes, sc-bytes

Top daily protocols

date, cs-uri-scheme, cs-bytes, scbytes

Daily categories by user

date, {cs-username -or- c-ip}, cscategories, cs-bytes, sc-bytes

Daily categories by group

date, cs-auth-group, cs-categories,
cs-bytes, sc-bytes

Daily filtering verdicts

date, sc-filter-result

Top summary

cs-uri-scheme, cs-bytes, sc-bytes,
cs-host, sc-filter-result

Categories by user

{cs-username -or- c-ip}, sc-filtercategory or cs-categories, sc-bytes,
cs-bytes

Categories by group

cs-auth-group, cs-categories, csbytes, sc-bytes

Top users

{cs-username -or- c-ip}, cs-bytes,
sc-bytes

Top groups

cs-auth-group, cs-bytes, sc-bytes

Top categories

{cs-categories -or- sc-filtercategory}, cs-bytes, sc-bytes

Top sites

cs-host, {cs-categories -or- scfilter-category}, cs-bytes, sc-bytes,
time_taken

Top protocols

cs-uri-scheme, cs-bytes, sc-bytes

Top file types

cs-uri-extension, cs-bytes, sc-bytes

Top blocked users

sc-filter-result, {cs-username -orc-ip}, cs-bytes, sc-bytes

Top blocked groups

sc-filter-result, cs-auth-group, csbytes, sc-bytes

Top blocked sites

sc-filter-result, cs-host, {scfilter-category -or- cs-categories},
cs-bytes, sc-bytes

Top blocked protocols

sc-filter-result, cs-uri-scheme, csbytes, sc-bytes

Top blocked file types

sc-filter-result, cs-uri-extension,
cs-bytes, sc-bytes

171

Blue Coat Reporter Configuration and Management Guide
Section B: v8 Profile and Report Log Field Reference
Filtering
verdicts

Filtering verdicts by user

{cs-username -or- c-ip}, sc-filterresult

Filtering verdicts by group

cs-auth-group, sc-filter-result

Filtering verdicts by risk group

sc-filter-category, sc-filter-result

Activity by site
By date

By user

By group

Daily sites by user

date, {cs-username -or- c-ip}, cshost, {sc-filter-category -or- cscategories}, sc-bytes, cs-bytes

Daily sites by group

date, cs-auth-group, cs-host, {scfilter-category -or- cs-categories},
sc-bytes, cs-bytes

Daily sites by category

date, {sc-filter-category -or- cscategories}, cs-host, sc-bytes, csbytes

Daily sites

date, cs-host, {sc-filter-category
-or- cs-categories}, sc-bytes, csbytes, time_taken

Daily sites by protocol

date, cs-uri-scheme, cs-host, csbytes, sc-bytes

Sites by user

{cs-username -or- c-ip}, cs-host,
{sc-filter-category -or- cscategories}, cs-bytes, sc-bytes

Sites by user and verdict

{cs-username -or- c-ip}, sc-filterresult, cs-host, cs-bytes, sc-bytes

Sites by user and category

{cs-username -or- c-ip}, cs-host,
{sc-filter-category -or- cscategories}, cs-bytes, sc-bytes

Sites by user and protocol

{cs-username -or- c-ip}, cs-urischeme, cs-host, {sc-filter-category
-or- cs-categories}, cs-bytes, scbytes

Sites by protocol and user

cs-uri-scheme, cs-username, cs-host,
cs-bytes, sc-bytes

Sites by group

cs-auth-group, cs-host, {sc-filtercategory -or- cs-categories}, scbytes, cs-bytes

Sites by group and verdict

cs-auth-group, sc-filter-result, cshost, sc-bytes, cs-bytes

Sites by group and protocol

cs-auth-group, cs-uri-scheme, cshost, {sc-filter-category -or- cscategories}, sc-bytes, cs-bytes

Sites by protocol and group

cs-uri-scheme, cs-auth-group, cshost, sc-bytes, cs-bytes

172

Appendix A: Report Concepts and Reference

Section B: v8 Profile and Report Log Field Reference
Activity by date/time
Activity detail by user

cs-username, date, cs-host, cs-urischeme, cs-uri-query, cs-uri-path,
{sc-filter-category -or- cscategories}, sc-filter-result, csbytes, sc-bytes

Activity detail by category and
user

{sc-filter-category -or- cscategories}, cs-username, date, time,
cs-host, cs-uri-scheme, cs-uri-query,
cs-uri-path, sc-filter-result, scbytes, cs-bytes

Session details

date, time, cs-host, cs-uri-scheme,
cs-uri-query, cs-uri-path, {scfilter-category -or- cs-categories}

Activity detail by group

cs-auth-group, date, time, cs-host,
cs-uri-scheme, cs-uri-query, cs-uripath, {sc-filter-category -or- cscategories}, sc-filter-result, csbytes, sc-bytes, time-taken

Activity detail by category and
group

cs-auth-group, date, time, cs-host,
cs-uri-scheme, cs-uri-query, cs-uripath, {sc-filter-category -or- cscategories}, sc-filter-result, csbytes, sc-bytes

Activity detail for users by
group

cs-auth-group, cs-username or c-ip,
date, time, cs-host, cs-uri-scheme,
cs-uri-query, cs-uri-path, {scfilter-category -or- cs-categories},
sc-filter-result, cs-bytes, sc-bytes

By
category

Activity detail by category

sc-filter-category or cs-categories,
date, time, cs-uri-path, cs-uriquery, cs-uri-scheme, cs-host, scfilter-result, sc-bytes, cs-bytes

By
protocol

Activity detail by protocol

cs-uri-scheme, date, time, cs-host,
cs-uri-query, cs-uri-path, {scfilter-category -or- cs-categories},
sc-filter-result, sc-bytes, cs-bytes,
time-taken

Trend

Filtering verdict trends

date, sc-filter-result

Protocol trends (bytes)

date, cs-uri-scheme, cs-bytes, scbytes

Protocol trends (hits)

date, cs-uri-scheme

Risk group trends

date, sc-filter-result, {sc-filtercategory -or- cs-categories}

By user

By group

173

Blue Coat Reporter Configuration and Management Guide
Section B: v8 Profile and Report Log Field Reference
Cost

Cost details by user

{cs-username -or- c-ip}, cs-host, scfilter-category or cs-categories, csbytes, sc-bytes

Cost details by group

cs-auth-group, cs-host, {sc-filtercategory -or- cs-categories}, scbytes, cs-bytes

Cost details by user and date

date, {cs-username -or- c-ip}, cshost, sc-bytes, cs-bytes

Cost details by group and date date, cs-auth-group, {cs-username
-or- c-ip}, cs-host, sc-bytes, csbytes
Cost summary per user
(bytes)

date, {cs-username -or- c-ip}, scbytes, cs-bytes

Cost summary per user
(browse time)

{cs-username -or- c-ip}, date, time

Cost summary per group

date, cs-auth-group, sc-bytes, csbytes

CIFS Log Field Matrix
These reports reflect CIFS (Microsoft application file sharing) activity.
Category

Traffic

Report

Required Fields

Overview

x-cifs-server-bytes-read, x-cifsbytes written, x-cifs-client-bytesread, x-adb-server-bytes, x-serverconnection-bytes, x-cifs-client-ops,
x-cifs-client-write-ops, x-cifsclient-other-ops, and x-cifs-serverops

Month

date, x-cifs-client-bytes-read, xcifs-server-bytes-read

Date

date, x-cifs-client-bytes-read, xcifs-server-bytes-read

Days of week

date, x-cifs-client-bytes-read, xcifs-server-bytes-read

Hours of Day

date, x-cifs-client-bytes-read, xcifs-server-bytes-read

174

Appendix A: Report Concepts and Reference

Section B: v8 Profile and Report Log Field Reference
CIFS
Summary
Reports
Spyware

CIFS
Diagnostics
Reports

CIFS Server

x-cifs-server, x-cifs-server-bytesread, x-cifs-client-bytes-read, xcifs-server-operaions, x-cifs-clientread-operations

CIFS Share

x-cifs-share, x-cifs-server-bytesread, x-cifs-client-bytes-read, xcifs-server-operaions, x-cifs-clientread-operations

CIFS UNC Path

x-cifs-unc-path, x-cifs-file-type, xcifs-server-bytes-read, x-cifsclient-bytes-read, x-cifs-serveroperaions, x-cifs-client-readoperations

CIFS Proxy IP

s-ip, x-cifs-server-bytes-read, xcifs-client-bytes-read, x-cifsserver-operaions, x-cifs-client-readoperations

CIFS Client IP

c-ip, x-cifs-server-bytes-read, xcifs-client-bytes-read, x-cifsserver-operaions, x-cifs-client-readoperations

CIFS Method

x-cifs-server, x-cifs-method

CIFS Action

x-cifs-server, x-cifs-action

175

Blue Coat Reporter Configuration and Management Guide
Section C: v8 Profile Default Export File Names

Section C: v8 Profile Default Export File Names
This section provides a reference for the default exported report file names. When
exporting and converting a report file from .csv to a Microsoft Excel spreadsheet, the
spreadsheet is given a default name (see "Exporting a Report" on page 94).
The following reference tables are categorized as they are in the Reporter menu.
Report

Export Name

Overview

overview

Log Detail

log_detail_xxxxxxx

Days

t_days

Days of week

t_days_of_week

Hours of day

t_hours_of_day

Years/months/days

t_years_months_days

ICAP virus IDs

icap_virus_ids

ICAP virus URL detail

icap_virus_url_detail

ICAP virus user detail

icap_virus_user_detail

Blocked suspected spyware

blocked_suspected_spyware

Spyware infected clients

spyware_infected_clients

Spyware traffic

spyware_traffic

Certificate errors

certificate_errors

Cipher strength

cipher_strength

Port 443 disposition

port_443_disposition

Certificate hostname category

certificate_hostname_category

Top daily users

top_daily_users

Top daily protocols

top_daily_protocols

Categories by user

categories_by_user

Categories by group

categories_by_group

Daily categories by user

daily_categories_by_user

Daily categories by group

daily_categories_by_group

Daily filtering verdicts

daily_filtering_verdicts

Top summary

monthly_overview

Top users

top_users

Top groups

top_groups

Top categories

top_categories

176

Appendix A: Report Concepts and Reference

Top sites

top_sites

Top protocols

top_protocols

Top file types

top_file_types

Top blocked users

top_blocked_users

Top blocked groups

top_blocked_groups

Top blocked sites

top_blocked_sites

Top blocked protocols

top_blocked_protocols

Top blocked file types

top_blocked_file_types

Filtering verdicts by category

filtering_verdict_by_category

Filtering verdicts by user

filtering_verdict_by_user

Filtering verdicts by group

filtering_verdict_by_group

Filtering verdicts by risk group

filtering_verdict_by_risk_group

Daily sites by user

daily_sites_by_user

Daily sites by group

daily_sites_by_group

Daily sites by category

daily_sites_by_category

Daily sites

daily_sites

Daily sites by protocol

daily_sites_by_protocol

Sites by user

sites_by_user

Sites by user and verdict

sites_by_user_and_verdict

Sites by user and category

sites_by_user_and_category

Sites by user and protocol

sites_by_user_and_protocol

Sites by protocol and user

sites_by_protocol_and_user

Sites by group

sites_by_group

Sites by group and verdict

sites_by_group_and_verdict

Sites by group and protocol

sites_by_group_and_protocol

Sites by protocol and group

sites_by_protocol_and_group

Activity detail by user

activity_detail_by_user

Activity detail by category and
user

activity_detail_by_category_and_user

Session details

session_details

Activity detail by group

activity_detail_by_group

Activity detail by category and
group

activity_detail_by_category_and_group

Activity detail for users by
group

activity_detail_for_users_by_group

177

Blue Coat Reporter Configuration and Management Guide

Activity detail by category

activity_detail_by_category

Activity detail by protocol

activity_detail_by_protocol

Filtering verdict trends

filtering_verdict_trends

Protocol trends (bytes)

protocol_trends_bytes

Protocol trends (hits)

protocol_trends_hits

Risk group trends

risk_group_trends

Cost details by user

cost_details_by_user

Cost details by group

cost_details_by_group

Cost details by user and date

cost_details_by_user_and_date

Cost details by group and date

cost_details_by_group_and_date

Cost summary per user
(bytes)

cost_summary_per_user_bytes

Cost summary per user
(browse time)

cost_summary_per_user_browse_time

Cost summary per group

cost_summary_per_group

178

Appendix A: Report Concepts and Reference

Section D: v7 Log Field Reference—Blue Coat Main Format
The Blue Coat default Main format (the Blue Coat custom log format) contains the
following ELFF fields:
date time time-taken c-ip sc-status s-action sc-bytes cs-bytes csmethod cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query csusername cs-auth-group s-hierarchy s-supplier-name rs(Content-Type)
cs(User-Agent) sc-filter-result cs-category x-virus-id s-ip s-sitename

The Main format fields are described below.
Field

Description

date

GMT Date in YYYY-MM-DD format.

time

GMT time in HH:MM:SS format.

time-taken

Time taken (in milliseconds) to process the request.

c-ip

IP address of the client.

sc-status

Protocol status code from appliance to client.

s-action

The type of action the appliance took to process this request.

sc-bytes

Number of bytes sent from appliance to client.

cs-bytes

Number of bytes sent from client to appliance.

cs-method

Request method used from client to appliance.

cs-uri-scheme

Scheme from the 'log' URL.

cs-host

Hostname from the client's request URL. If URL rewrite policies
are used, this field's value is derived from the 'log' URL.

cs-uri-port

Port from the 'log' URL.

cs-uri-path

Path from the 'log' URL. Does not include query.

cs-uri-query

Query from the 'log' URL.

cs-username

Relative username of a client authenticated to the proxy (that is,
not fully distinguished).

cs-auth-group

One group to which an authenticated user belongs. If a user
belongs to multiple groups, the group logged is determined by
the Group Log Order configuration specified in VPM. If the
Group Log Order is not specified, an arbitrary group is logged.

s-hierarchy

How and where the object was retrieved in the cache hierarchy.

s-supplier-name

Hostname of the upstream host (not available for a cache hit).

179

Blue Coat Reporter Configuration and Management Guide

Field

Description

rs(Content-Type)

Request header: Content-Type.

cs(User-Agent)

Request header: User-Agent.

sc-filter-result

Content filtering result: Denied, Proxied, or Observed.

cs-category

Single content category of the request URL (or sc-filtercategory).

x-virus-id

Identifier of a virus if one was detected.

s-ip

IP address of the appliance on which the client established its
connection.

s-sitename

Service used to process the transaction.

180

Appendix B: v7 Profile Reference

This appendix provides configuration and tuning options for profiles created with a v7
database. This appendix contains the following sections:


"Section A: v7 Database Concepts" on page 182



"Section B: Using Log Filters" on page 190

181

Blue Coat Reporter Configuration and Management Guide
Section A: v7 Database Concepts

Section A: v7 Database Concepts
This section describes the constructs of a the v7 database.

Database Overview
Blue Coat Reporter uses a database to store information about log data. The database
contains a compact version of the log data in the main table, and a series of secondary
tables that provide hierarchy information and improve performance of some queries.
Each time a new log entry is read, the information contained in that entry is added to the
database. Each time a report is generated, the required information is read from the
database.
Reports can query data from the database based on multiple filters. For example, it is
possible in a virus log to filter to show only the source IPs for a particular virus, and for a
Web log it is possible to see the pages hit by a particular visitor. In general, any
combination of filters can be used if it is possible to create complex and/or/not
expressions to zoom in on any part of the dataset. See Appendix C: “Configuration File
Reference” on page 199 for information about using log filters.
For large datasets, it can be slow to query data directly from the main table. Query
performance for some types of tables can be improved using cross-reference tables, which
roll up data for certain fields into smaller, fast-access tables. For example, for a Web log,
you can create a cross-reference table containing page, hit, and page view information; the
table pre-computes the number of hits and page views for each page, and thus the
standard Pages report are quickly generated. See "Examples" on page 194 for more
information.
The Database folder option specifies the location of the database on disk; if the option is
blank, Reporter stores the database in the Database folder, in the LogAnalysisInfo folder,
using the name of the profile as the name of the Database folder. See "Database Options"
on page 139 for information about the Database folder options.
New log data can be added to the database at any time. This allows a database to be
quickly and incrementally updated, for instance, every day with that day's new log
entries. This can be accomplished from the Web browser interface by using the Update
Database option (at the top of any of the Database pages in the Configuration menu). A
CLI command (see"Building and Updating Databases from the Command Line" on
page 220) that accomplishes the same thing is:
bcreport -p config-file -a ud

If your log files are very large, or if your database is extensively cross-referenced, building
a database can take a long time and use a lot of memory and disk space.
A number of advanced options exist to fine-tune database performance. To get the most
out of the database feature, adjust the values of the database parameters. Database tuning
is discussed in "Database Tuning" on page 141.

Memory, Disk, and Time Usage
Reporter processes a huge amount of data while building a database or displaying
statistics. Because of this, it uses a lot of resources: disk space, memory, and processing
time.

182

Appendix B:v7 Profile Reference

Section A: v7 Database Concepts
However, you can customize Reporter to use less of some of these resources by using
more of others. You can also customize Reporter to use less of all resources by reducing
the amount of data in your database. This section describes the options that let you
manage your memory, disk, and time resources.

Building the Database Faster
A database is built (or updated) in three stages:


The log data is processed, creating the main table



The main table indices are created.



The cross-reference tables are built from the main table

One method to speed up all of these processes is to use multiple processors. The
Enterprise version of Reporter has the ability to split database builds across multiple
processes, building a separate database with each processor from part of the dataset, and
then merging the results. This can provide a significant speedup.
If Reporter is configured to look up your IP numbers (using Look up IP numbers using
domain nameserver (DNS)), the database building process is slower than usual, as Reporter
looks up all the IP numbers in your log file. You can speed up the process by not using
Look up IP numbers using domain nameserver (DNS), by decreasing the DNS timeout
(seconds), or by improving Reporter’s bandwidth to the DNS server.
You can also speed up all three stages by simplifying the database structure, by
eliminating database fields or using log filters to simplify them. For example, if you add a
log filter that converts all IP addresses to just the first two octets, you have a much simpler
field than if you use full IP addresses.
Cross-reference tables can be eliminated to improve database build performance;
however, by eliminating cross-reference tables, you slow query performance for those
queries that would have used a cross-reference table. See "Examples" on page 194 for more
details.

Using Less Memory During Database Builds
For most large datasets, the major factor in memory usage during builds are the item lists.
There is one list per field, and each list includes every value for that field. For large fields,
these lists can be huge—if there are 100 million unique IP address, and each IP address is
10 bytes long, then the total memory required for that list is100M * 10, or 1GB of memory.
Reporter uses memory-mapped files for these lists, so depending on the operating
system’s implementation of memory mapped files, these could appear to be normal
memory usage, virtual memory usage, or something else.
However, most 32-bit operating systems restrict each process to 2GB of memory space,
including mapped files.
Even large datasets seldom reach 1GB for the largest item list, and it is usually only a
handful of fields that are large, so 2GB is usually enough.
You can also simplify your database fields using log filters. For example, a filter that chops
off the last octet of the IP address significantly reduces the number of unique IP addresses,
dropping a huge 1GB item list under 100MB. Also, you can eliminate the troublesome
field, if the field is not needed. To determine which field is the problem, build the database
until it runs out of memory, and then examine the database directory (typically in
LogAnalysisInfo/Databases) to see which files are large. Pay particular attention to the items
folder—if files in the xyz folder are extremely large, then the xyz field is a problem.

183

Blue Coat Reporter Configuration and Management Guide
Section A: v7 Database Concepts
Finally, if you need to use less disk space or memory due to a quota on your Web server,
try running Reporter on a local machine, where you dictate disk space constraints, and
setting it to fetch the log data by FTP.

Tuning the Database
This section provides two tables that describe the database tuning options. This is
reference material for the procedures given in Chapter 4, "Database Tuning" on page 141.
Table 8-1. Database Tuning Options
Option

Description

Maximum main table
segment size

Default: 100 MB. This determines the maximum size of one segment of the main
database table. Segments are files stored in the database directory; Reporter
prefers to leave the entire table in a single file, but operating system limitations
sometimes make that impossible. So when the table exceeds this size, it is split
into multiple files, each smaller than this size. This reduces performance
somewhat, but allows arbitrarily large datasets to be represented in a database.
• Guidelines:
If you set this higher than the operating system allows, errors occur when
processing very large datasets (10 million lines of log data corresponds
roughly to 1GB of main table, depending on the database structure and other
factors). Increasing this value also causes Reporter to require more memory as
it is processing. If set this larger than the default, and your running system
memory runs out or too low when building or updating the database, return
to the default value.

Maximum cross-reference
table segment size

Default: 100 MB. This determines the maximum size of one segment of a crossreference database table. Segments are files stored in the database directory;
Reporter prefers to leave the entire table in a single file, but operating system
limitations sometimes make that impossible. So when the table exceeds this size,
it is split into multiple files, each smaller than this size. This reduces
performance significantly, but allows arbitrarily large datasets to be represented
in a database. If you set this higher than the operating system allows, errors
occur when processing very large datasets. Most operating systems can handle
files up to 2GB in size; a setting of 1GB should be safe in most cases, and should
prevent segmentation for all but the largest datasets.
Guidelines
• This setting should remain at 100 MB if the Build all cross-reference tables
simultaneously setting is enabled (see Table 8-2).
• Increasing this size causes Reporter to require more memory when it is
building or updating the database, especially if you have also set it to build
the cross-reference tables simultaneously. If your system memory runs out or
is too low and you have increased this value from the default, try returning to
the default value.

184

Appendix B:v7 Profile Reference

Section A: v7 Database Concepts
Table 8-1. Database Tuning Options
Option

Description

List cache size

Default: 100 MB. This option specifies the maximum memory used by the list
cache. The list cache is used when tracking unique item lists (such as visitors) or
database indices, to improve performance when lists get very large. Normally,
lists are stored in a form that uses minimal memory, but does not allow items to
be added quickly to the list in some situations. When a list appears to be slow, it
is moved to the list cache, and expanded into a high-memory-usage, highperformance format. At the end of the operation, it is compacted into the lowmemory-usage format again. When the cache is full, the least-used cached lists
are compacted. Setting this option higher uses more memory during database
cross-reference group building and index building, but allows more lists to be
kept in the fast-access format—this usually improves performance, sometimes
dramatically.

Maximum main table
segment size to merge

Default: 10 MB. This option specifies the maximum size of a main table segment
that can be merged while merging databases. If a segment is smaller than this,
the merge occurs by adding each entry to the existing final segment of the main
database table; if there are more than this number of entries, the merge occurs by
copying the entire table and indices to the main database, creating a new
segment. Copying is faster, but because it creates a new segment it fragments the
database, slowing queries slightly. Therefore, setting a high value improves the
query performance of the final database, at a cost in log processing performance.

Maximum xref segment
size to merge

Default: 10 MB. This option specifies the maximum size of a cross-reference table
segment that can be merged during a database merge operation (such as at the
end of a multiprocessor database build). Segments large than this are copied to
the main database, and form their own segments; segments smaller than this are
merged into the main database. Copies can be much faster than merges, but
result in a more segmented main database, making queries slower. Therefore,
setting this to a high value improves the query performance of the final
database, at a cost in log processing performance.

Table 8-2. Database Tuning Build Options
Option

Description

Build all indices
simultaneously

Default: not selected. This option affects the stage of log processing when indices
are rebuilt. If this option is selected, Reporter scans through the main database
table just once during the index rebuilding stage, building all indices
simultaneously. If this option is not selected, Reporter builds each index
separately, scanning through the main table once per index. Selecting this option
can significantly speed up index building by combining all the table scans into
one, but at the cost of much more memory because all indices must be in
memory at the same time.
• Guidelines:
Generally safe to turn on (as most indices do not require a lot of memory),
and will speed up the index building step.

185

Blue Coat Reporter Configuration and Management Guide
Section A: v7 Database Concepts
Table 8-2. Database Tuning Build Options
Option

Description

Build indices during log
processing

Default: not selected. This option affects the stages of log processing when
indices are built. When this option is selected, indices are kept in memory
during log processing, and are incrementally updated as new log lines are
processed. When this option is not selected, indices are updated in a single stage
after all log data has been processed. Selecting this option can speed database
building because it eliminates the need to re-read the main database table after
processing log data, but the cost more memory consumption because all indices
must be kept in memory while log data is processed.
• Guidelines
Disabled by default. If your server has at least 1 GB of RAM, and you are
using a Log Processing Threads setting greater than 0, Blue Coat recommends
enabling this option. Multi-thread database build/update actions usually
become disk-bound—the child processes spend considerable time waiting for
the parent process to send them log data to work on. This option lets you
push more work onto the child processes, by having them build their own
indices as they go

Build all cross-reference
tables simultaneously

Default: not selected. This option affects the stage of log processing when crossreference tables are rebuilt. If this option is selected, Reporter scans through the
main database table just once during the cross-reference rebuilding stage,
building all cross-reference tables simultaneously. If this option is false, Reporter
builds each cross-reference table separately, scanning through the main table once
per cross-reference table. Selecting this option speeds up cross-reference building
by combining all the table scans into one, but uses much more memory because all
cross-reference tables must be in memory at the same time.
• Guidelines
Disabled by default. This setting might provide a significant performance
improvement, but requires that your system have a fast underlying disk
subsystem. Do not enable this setting if you are using IDE or older drive
technologies.
If this setting is enabled, keep the Maximum cross-reference table segment size
setting at 100 MB (see "Tuning the Database" on page 184). See "Notes
About Cross-Reference Tables" on page 189 for information about building
cross-reference tables. Even then, if your dataset is large and complex, you
might see that your system is running out of memory. If this option is enabled
and you run out of RAM, try disabling it.

186

Appendix B:v7 Profile Reference

Section A: v7 Database Concepts
Table 8-2. Database Tuning Build Options
Option

Description

Build cross-reference
tables and indices
simultaneously

Default: not selected. Before trying this option, try the Build all cross-reference
tables simultaneously option. If that works, then this one may work as well. This
option affects the stages of log processing when cross-reference tables indices are
rebuilt. If this option is true, Reporter combines the index-building and crossreference table building stages of log processing into one, scanning through the
main database table once and building both indices and cross-reference tables. If
this option is false, Reporter builds indices and cross-reference tables separately,
scanning through the main table twice. Selecting this option might speed up
index and cross-reference table building by combining the two table scans into
one, but uses more memory because both the cross-reference tables and the
indices must be in memory at the same time.
• Guidelines
Disabled by default. In most deployments, enabling this setting is not
recommended as it might cause frequent problems and the performance
gained is not significant. This setting might cause problems on systems with
inadequate disk/memory resources.
• If this option and the Build cross-reference tables during log processing
option are both enabled, system memory will almost certainly run out.

Build cross-reference
tables during log
processing

Default: not selected. This option affect the stages of log processing when crossreference tables are built. When this option is selected, cross-reference tables are
kept in memory during log processing, and are incrementally updated on the fly
as new log lines are processed. When this option is not selected, cross-reference
tables are updated in a single stage after all log data has been processed.
Selecting this option might speed database building because it eliminates the
need to re-read the main database table after processing log data, but can require
much more memory because all cross-reference tables must be kept in memory
while log data is processed.
• Guidelines
Disabled by default. In most deployments, enabling this setting is not
recommended. This setting might cause problems on systems with
inadequate disk resources.
With smaller datasets, profiles set to use Log Processing Threads greater than
0, and on servers with at least 2 GB of RAM, this option provides a significant
performance boost; however, as the dataset grows larger, system memory will
certainly run out.

187

Blue Coat Reporter Configuration and Management Guide
Section A: v7 Database Concepts
Table 8-2. Database Tuning Build Options
Option

Description

Build cross-reference
tables in threads

Default: selected. This option affects multi-processor database builds. When this
option is selected, each thread (processor) builds the cross-reference tables for its
part of the database separately, and they are merged in a final stage to create the
cross-reference tables for the main database. When this option is not selected,
threads do not build cross-reference tables; the cross-reference tables are built in
the final stage from the main table (which is merged from the threads' main
tables). If your system has fast disk I/O, it is generally best to select this option,
to spend as much time as possible using all processors. But if disk I/O is slow,
the I/O contention between processes might slow both threads down to the
degree that using multiple processors is actually slower than using one.
• Guidelines
Enabled by default. This setting provides a significant performance
improvement in multi-processor environments, but doubles the disk resource
requirements. This setting might cause problems on systems with inadequate
disk resources. Disable this if you are having issues with multi-processor
builds that seem slow.
If this setting is enabled, keep the Maximum cross-reference table segment
size setting at 100 MB (see "Tuning the Database" on page 184). See
"Notes About Cross-Reference Tables" on page 189 for information
about building cross-reference tables.

Build indices in threads

Default: selected. This option affects multi-processor database builds. When this
option is selected, each thread (processor) builds the indices for its part of the
database separately, and they are merged in a final stage to create the indices for
the main database. When this option is not selected, threads do not build
indices; the indices are built in the final stage from the main table (which is
merged from the threads' main tables). If your system has fast disk I/O, select
this option to spend as much time as possible using all processors. But if disk I/
O is slow, the I/O contention between processes slows both threads down to the
point that using multiple processors is actually slower than using one.
• Guidelines
Enabled by default. This setting doubles the memory requirements for
building indices during multi-processor database operations, but this is
usually not a significant amount; if your server has at least 512 MB of RAM,
you should not experience problems with this setting. For information about
the Log processing threads setting, which is available only in the Enterprise
version, see "Log Processing" on page 131.

Build indices in memory

Default: selected. When this option is selected (the default), database indices are
held entirely in memory during database builds. When this option is not
selected, database indices are mapped to files on the disk. Keeping the indices in
memory can increase the performance of the index building part of database
builds, sometimes by a factor of 3x or more, but requires enough memory to
hold the indices.
• Guidelines
Enabled by default. This setting is the reason that indices build quickly, and
Blue Coat recommends this remain enabled. Blue Coat recommends disabling
the other settings with build indices rather than disabling this setting.

188

Appendix B:v7 Profile Reference

Section A: v7 Database Concepts

Notes About Cross-Reference Tables
With cross-reference table settings, you must make a choice between two settings: faster
log processing performance or faster database queries. Cross-reference tables are very
complex, and use a lot of system resources during calculation. Each cross-reference table
applies to the entire database; therefore, longer, complex fields (for example, URL-related
or others with a large number of unique values) require larger cross-reference tables. The
default 100 MB segment size allows Reporter to build all cross-reference tables
simultaneously during log processing on a system with SCSI disk resources. The trade-off
here is database queries—for large datasets, Reporter needs to merge cross-reference
tables before creating a query. This can take anywhere from one minute to a half-hour
depending on the particular cross reference and the size of the database. The alternative is
to set cross-reference table segment size to a large size: as much as 1GB or more. With this
cross-reference table segment size, most queries are much faster because the merge is
avoided. However, with the setting set to this size, you cannot enable the simultaneously or
in threads options.

189

Blue Coat Reporter Configuration and Management Guide
Section B: Using Log Filters

Section B: Using Log Filters
For v7 profiles, Blue Coat Reporter provides a variety of log filters that let you selectively
eliminate portions of your log data from the statistics, or convert values in log fields.
Note: Do not confuse log filters with the filters that appear in reports; log filters affect
how the log data is processed, and report filters affect which parts of the database data are
displayed.

There are many reasons to filter the log data, including:


Not interested in seeing the hits on files of a particular type (for example, image files,
in Web logs).



Not interested in seeing the events from a particular host or domain (for example, Web
log hits from your own domain, or e-mail from your own domain for mail logs).



For Web logs, not interested in seeing hits that did not result in separate page views,
like 404 errors (file not found) or redirects.

The Reporter default filters automatically perform the most common filtering
(categorizing image files such as hits but not page views, strip off page parameters, and
more) but you will add or remove filters as you fine-tune your statistics.

About Filters
Filters are arranged in a sequence, like a computer program, starting with the first filter
and continuing down through the last filter. Each time Reporter processes a log entry, it
runs the filters in order, starting with the first one. Reporter applies that filter to the log
entry. The filter can accept the log entry by returning done, in which case it is immediately
selected for inclusion in the statistics. If a filter accepts an entry, the other filters are not
run; once a filter accepts, the acceptance is final. Alternately, the filter can reject the entry
by returning reject, in which case it is immediately discarded, without consulting any
filters farther down the line. Finally, the filter can neither accept nor reject, but instead
pass the entry on to another filter (by returning nothing); in this case, and only in this case,
another filter is run.
In other words, every filter has complete power to pass or reject entries, provided the
entries make their way to that filter. The first filter that accepts or rejects the entry ends the
process, and the filtering is done for that entry. A filter gets to see an entry only when
every filter before it in the sequence has neither accepted nor rejected that entry. So the
first filter in the sequence is the most powerful, in the sense that it can accept or reject
without consulting the others; the second filter is used if the first has no opinion on
whether the entry should be accepted or rejected, etc.
Note: Both regular expression pattern filters and DOS-style pattern filters are necessary
in some cases, but they should be avoided when possible because pattern filters can be
considerably slower than the simpler filter types like ends with or contains.

Hits
Reporter distinguishes between hits and page views for most types of logs. A hit is one
access to the Web server; for example, one request for a file (it may not actually result in
the transfer of a file; for instance, if it's a redirect or an error). A page view is an access to a
page (rather than an image or a support file such as a style sheet). For some Web sites and

190

Appendix B:v7 Profile Reference

Section B: Using Log Filters
some types of analysis, image files, .class files, .css files, and other files are not as
important as HTML pages—the important number is how many pages were accessed, not
how many images were downloaded. For other sites and other types of analysis, all
accesses are important. Reporter tracks both types of accesses. When a filter accepts an
entry, it decides whether it is a hit or a page view by setting the hits and page_views fields
to 1 or 0. Hits are tallied separately, and the final statistics can show separate columns for
hits and page views in tables, as well as separate pie charts and graphs. Both hits and page
views contribute to bandwidth and visitor counts, but the page view count is not affected
by hits on image files and other support files.

Log Filter Syntax
Log filters can use all syntax described in Table 8-3 (command line operators) and Table
8-4 (built-in routines), and also support a few extra variables. Specifically, log filters can
refer to log fields by name, so a reference to date_time in a log filter is a reference to the
value of the date_time field in the log entry that is currently being processed. This can be
used either to get or set values; for example, if (page eq '/index.html') then
'reject' checks the current log entry's page field to see if it is /index.html, and rejects
the log entry if it is; and page = '/index.html' sets the page field of the current log
entry to /index.html. Log filters can also use the special variable entire_line, whose
value is the entire current line of log data.
Note: The backtick (`) is not a supported character.

Table 8-3. Command Line Operators
Operator

Purpose

==

Compares two numbers; true if they are equal; for example, 1 == 1 is true.

!=

Compares two numbers; true if they are not equal; for example, 1 != 1 is false.

<=

Compares two numbers; true if the left number is less than or equal to the right; for
example, 1 <= 2 is true, and so is 1 <= 1.

>=

Compares two numbers; true if the left number is greater than or equal to the right;
for example, 2 >= 1 is true, and so is 1 >= 1.

<

Compares two numbers; true if the left number is less than the right; for example, 1
< 2 is true, but 1 < 1 is false.

>

Compares two numbers; true if the left number is greater than the right; for
example, 2 > 1 is true, but 1 > 1 is false.

eq

Compares two strings; true if they are equal; for example, "a" eq "a" is true.

ne

Compares two strings; true if they are not equal; for example, "a" ne "a" is false.

le

Compares two strings; true if the left string is lexically less than or equal to the
right; for example, "a" le "b" is true, and so is "a" le "a".

191

Blue Coat Reporter Configuration and Management Guide
Section B: Using Log Filters
Table 8-3. Command Line Operators
Operator

Purpose

ge

Compares two strings; true if the left string is lexically greater than or equal to the
right; for example, "b" ge "a" is true, and so is "a" ge "a".

lt

Compares two strings; true if the left string is lexically less than the right; for
example, "a" lt "b" is true, but "a" lt "a" is false.

gt

Compares two strings; true if the left string is lexically greater than the right; for
example, "b" gt "a" is true, but "a" gt "a" is false.

or

True if either left or right values, or both, are true; for example, true or true is
true; true or false is true.

and

True if both left and right values are true; for example, true and true is true;
true and false is false.

+

Adds the right value to the left value; for example, 1+2 is 3.

-

Subtracts the right value from the left value; for example, 2-1 is 1.

*

Multiplies the right value and the left value; for example, 2*3 is 6.

%

Performs module 0 division, returning the remainder, of the left value by the right
value; for example, 5%2 is 1 and 6%2 is 0.

/

Divides the left value by the right value; for example, 12/4 is 3.

+=

Adds the right value numerically to the left variable; for example, x += 1 adds 1 to
x.

-=

Subtracts the right value numerically from the left variable; for example, x -= 1
subtracts 1 from x.

++

Adds 1 numerically to the left variable; for example, x++ adds 1 to x.

--

Subtracts 1 numerically from the left variable; for example, x-- subtracts 1 from x.

.

Concatenates the right string to the end of the left string; for example, "a"."b" is
"ab".

.=

Concatenates the right value to the left variable; for example, x .= "X"
concatenates "X" to the end of x.

=

Assigns the right hand side to the left hand side; for example, x = 1 assigns a value
of 1 to the variable x.

!

Performs a boolean negation of its unary parameter; for example, !true is false,
and !false is true.

file

Rather than create long lists within filters, reference a file that contains the list. See
the example "Example: Reference a File" on page 194.

not

Same as !.

matches

(Not valid with v8 profiles) True if the left value matches the wildcard pattern
specified by the right value.

192

Appendix B:v7 Profile Reference

Section B: Using Log Filters
Table 8-3. Command Line Operators
Operator
matches_
regexp

Purpose
(Not valid with v8 profiles) True if the left value matches the regular expression
specified by the right value.
Note: Regular expression calculations during log processing can affect performance.

$

Treats its unary string parameter as a variable name, and evaluates the value of the
variable; for example, if the value of the variable named "variable" is 1, then the
value of the expression $("variable") is 1.
Important—this uses the value of the expression immediately after it as the name
of the variable, so if variable x has value "valueX" then $x means the same as
$("valueX"); i.e. it is the value of the variable valueX, not the value of the
variable x. To get the value of the variable x, just use x, not $x.

Table 8-4. Built-in Routines
Routine

Purpose

convert_escapes(string M)

This converts percent-sign escape sequences in M (for
example, converting %20 to a space), and returns the
converted value. For instance,
conver_escapes("some%20string") returns
"some string".

length(string S)

The value of this expression is the length of the string
S.

substr(string V, int S, int L)

The value of this expression is the substring of the
string V, starting at index S and of length L. The L
parameter is optional, and if it is omitted, the value of
the expression is the substring of V starting at S and
continuing to the end of V.

split(string s, string
divider, string resultnode)

This splits the string s on the divider specified in
divider, and puts the resulting sections into the
node specified by resultnode. For instance,
split("Hello,you,there", ",",
"volatile.splitresult") will set
volatile.splitresult.0 to "Hello",
volatile.splitresult.1 to "you", and
volatile.splitresult.2 to "there".

starts_with(string S, string
T)

The value of this expression is true if the string S
starts with the value of the string T.

ends_with(string S, string T)

The value of this expression is true if the string S ends
with the value of the string T.

contains(string S, string T)

The value of this expression is true if the string S
contains the value of the string T.

193

Blue Coat Reporter Configuration and Management Guide
Section B: Using Log Filters
Table 8-4. Built-in Routines
Routine

Purpose

replace_all(string S, string
T, string R)

The value of this expression is the value of S after all
occurrences of T have been replaced with R.

replace_first(string S, string
T, string R)

The value of this expression is the value of S after the
first occurrence of T has been replaced with R. If T
does not occur in S, the value of this expression is S.

replace_last(string S, string
T, string R)

The value of this expression is the value of S after the
last occurrence of T has been replaced with R. If T
does not occur in S, the value of this expression is S.

lowercase(string S)

The value of this expression is the value of S after all
uppercase letters have been converted to lowercase.

uppercase(string S)

The value of this expression is the value of S after all
lowercase letters have been converted to uppercase.

matches_regular_expression(st
ring S, string R)

The value of this expression is true if the string S
matches the regular expression R. If it matches, the
variables $0, $1, $2, ... are set to the substrings of S
that match the parenthesized subexpressions RE.

index(string S, string T)

The value of this expression is the index (character
position) of the substring T in the string S. If T is not a
substring of S, the value of this expression is -1.

last_index(string S, string T)

The value of this expression is the index (character
position) of the final occurrence of substring T in the
string S. If T is not a substring of S, the value of this
expression is -1.

set_log_field(string N, string
V)

The sets the value of the log field N of the current log
entry to V.

capitalize(string V)

This capitalizes the value V, using the capitalization
rules in the language module.

pluralizes(string V)

This pluralizes the value V, using the pluralization
rules in the language module.

Examples
Example: Reference a File
The file operator allows an administrator to reference a file that contains a list of entries.
Rather than composing a complex regular expression or manually entering a long string,
such multiple within item OR within item OR and so on, create a text file with each
entry on a new line. For example, you want a list of servers IP addresses to included in a
report:

194

Appendix B:v7 Profile Reference

Section B: Using Log Filters
File name: Server Farm A IPs
192.168.2.1
192.168.2.2
192.168.2.3

Or you want to exclude a group of users:
File name: Excluded E-staff Users
John
Mark
Steve
Sally

Add list files under the LogAnalysisInformation folder. They can be stored in subfolders
under the LogAnalysisInformation folder, which allows you to organize lists according to
content type (subfolders of these subfolders are alos permissable).
The following examples illustrate how to employ the file operator:


CLI command (includes list of IPs):
bcReporterCL.exe -p [profile_name] -a [action]
[associated_action_arguments] -rn [report_name] -f "(c_ip file
'filter_files/Server Farm A IPs')"



Filter Expression in Profile (excludes list of users):
filter = {
expression = "(c_ip file not 'filter_files/Excluded E-staff
Users')"
} # filter



In the Management Console dialog (Config>Reports/Reports Menu>Edit link):

Figure 8-1. Adding a file operator filter to a report.

Notes


There is no stated limit to the size of the list, but the operator was tested for 3500
entries, which is comporable to a large office size.

195

Blue Coat Reporter Configuration and Management Guide
Section B: Using Log Filters


On the dialog (Management Console option), the name of the file appears as the
argument for the specific field that it is being compared against. If a change is made on
this form and then saved, confirm that the appropriate operator, file, is still part of
the filter expression.

Example: Filtering Out GIFs
The following filter rejects GIF files in Web logs:
if (file_type eq ’GIF’) then "reject";

Example: Filtering Out Domains or Hosts
The following filter ignores hits from your own Web log domain:
if (ends_with(cs_host, ".mydomain.com")) then "reject";

You can use a similar filter to filter out hits from a particular hostname:
if (cs_host eq "badhost.somedomain.com") then "reject";

This type of filter can be used on any field, to accept and reject based on any criteria you
wish.
Field names that appear in filters (like file_type or hostname above) should be exactly
the field names as they appear in the profile (not the field label, which is used for display
purposes only and might be something like file type). Field names never contain spaces,
and are always lowercase with underscores between words.

Example: Filtering Out Pages or Directories
The host filter above can be modified slightly to filter out entries based on any field. One
common example is if you want to filter out hits on particular pages, for instance to
discard hits from worm attacks. A filter like this:
if (starts_with(page, "/default.ida?")) then "reject";

rejects all hits on /index.ida, which eliminates many of the hits from the Code Red
worm.
A filter like this:
if (!starts_with(page, "/directory1/")) then "reject";

rejects all hits except those on /directory1/, which can be useful if you want to create a
database that focuses on only one directory (sometimes useful for ISPs).

Example: Filtering Out Events before a Particular Date Range
The following filter rejects entries before 2007:
if (date_time < '01/Jan/2007 00:00:00') then "reject";

Example: Filtering Out Events Older than a Particular Age
The following filter rejects entries older than 30 days:
(60*60*24*30 is the number of seconds in 30 days):
if (date_time < (now() - 60*60*24*30)) then "reject";

Example: Filtering Out Events outside a Particular Date Range
The following filter rejects all entries except those in 2005:

196

Appendix B:v7 Profile Reference

Section B: Using Log Filters
if ((date_time < '01/Jan/2006 00:00:00') or (date_time >= '01/Jan/2007
00:00:00')) then "reject";

Advanced Example: Converting the Page Field to Strip Off
Parameters
The parameters on the page field (the part after the ?) are often of little value, and increase
the size of the database substantially. Because of that, Reporter includes a default filter
that strips off everything after the ? in a page field (if you need the parameters, delete the
filter, but do so at the risk of causing database builds to fail on large datasets). Reporter
uses a special replace everything after filter for this use, but for the purpose of this example,
the following is another filter that accomplishes the same thing (but slower, because
pattern matching is a fairly slow operation):
if (contains(page, "?")) then if (matches_regexp(page, "^(.*?).*$"))
then page = "$1(parameters)";

This checks if the page contains a question mark; if it does, it matches the page to a regular
expression with a parenthesized subexpression that is set to just the part before and
including the question mark. The variable $1 is automatically set to the first parenthesized
section, and this variable is used to set the page field to the part before and including the
question mark, with (parameters) appended.
For example, if the original value was /index.html?param1+param2, the result is /
index.html?(parameters). That is the desired result—the parameters have been
stripped off, so all hits on index.html with parameters have the same value, regardless of
the parameters—and that reduces the size of the database.
The filters look the same in profile files, so you can also edit a filter in the profile file using
a text editor. Use a backslash (\) to escape quotes, dollar signs, backslashes, and other
special characters if you edit the profile file directly.

197

Blue Coat Reporter Configuration and Management Guide

198

Appendix C: Configuration File Reference

This section provides concept and reference information to assist advanced Reporter
users in customizing profiles outside of the options available through the user
interface. This section contains the following sections:


"Section A: About Configuration Files" on page 200.



"Section B: Profile Options" on page 203



"Section C: Preference Options" on page 214.

199

Blue Coat Reporter Configuration and Management Guide
Section A: About Configuration Files

Section A: About Configuration Files
All Blue Coat Reporter options are stored in text files called configuration files (or profile files
if they contain the options of a particular profile).
Note: You only need to know about profile files if you want to edit them directly (which
is usually faster than using the Web interface), use them from the command line, or if you
need to change options that are not available through the Web interface.

Creating Configuration Files
In configuration files, each option is given in the format:
name = value

and options can be grouped like this:
groupname = {
name1 = value1
name2 = value2
name3 = value3
} # groupname

Within this group, you can refer to the second value using the syntax groupname.name2.
Groups can be within groups like this:
groupname = {
name1 = value1
subgroupname = {
subname1 = subvalue1
subname2 = subvalue2
} # subgroupname
name3 = value3
} # groupname

Hash characters (#) are comment markers; everything after a # is ignored to the end of the
line. Multiline comments can be created using #* before the command and *# after it. In
this case, the subgroup name is listed as a comment on the closing bracket; this is
customary, and improves legibility, but is not required. In this case, subvalue2 can be
referred to as groupname.subgroupname.subname2.
There are no practical limits to the number of levels, the number of values per level, the
length of names or labels, or anything else.
In addition to groupings within a file, groupings also follow the directory structure on the
disk. The LogAnalysisInfo folder is the root of the configuration hierarchy, and files and
directories within it function exactly as though they were curly-bracket groups like the
ones above. For example, the preferences.cfg file (cfg stands for configuration group)
can be referred to as preferences; the server group within preferences.cfg can be
referrer to as preferences.server, and the web_server_port option within the server
group can be referrer to as preferences.server.web_server_port. For example, in a
Reporter start up in webserver mode command line, you can change the default port:
bcreport -ws t -preferences.server.web_server_port 8111

Through this type of hierarchical grouping by directories within LogAnalysisInfo, and by
curly-bracket groups within each configuration file, all configuration options in the entire
hierarchy can be uniquely specified by a sequence of group names, separated by dots, and
ending with an option name. All options in Reporter are specified in this way, including

200

Appendix C:Configuration File Reference

Section A: About Configuration Files
profile options, preferences, language module (localization) variables, users, scheduling
options, documentation, spider/worm/search engines information, command line and
internal options, and more.
Reporter creates a profile file in the profiles subfolder of the Reporter folder when you
create a profile from the Web interface. Profile files can also be created using a text editor,
though the large number of options makes this a difficult task to do manually—it is best
scripted, or done by copying an existing profile file and editing it. To use files as profile
files, you must put them in the profiles folder.
Any profile that can be specified in a profile file can also be specified in the command line
interface (CLI) by using the same profile options. CLI syntax is longer if full profile names
are used because each option on the command line must be specified using the full
group1.group2.group3.option, when in the profile it appears only as option (within
the groups). However, most options have shortcuts; see the option documentation for
each option's shortcut (All Options). For information on using the CLI, see "Using
Reporter from the Command Line Interface" on page 219.
To see a sample profile file, use the Web browser interface to create a profile, and then
examine the file in the profile folder.

Creating and Editing Profile Files
Reporter stores profile options in profile files, in the profiles folder of the LogAnalysisInfo
folder.
Profile files are structured in groups of options, with subgroups inside some groups. For
instance, a profile might start like this (for simplicity, only some options are listed):
corpusers = {
database = {
options = {
database_type = "internal"
automatically_update_when_older_than = "0"
lock_database_when_in_use = "true"
prompt_before_erasing_database = "true"
} # options
tuning = {
hash_table_starting_size = "4096"
hash_table_expansion_factor = "2"
} # tuning
} # database
...

This profile is named corpusers, and the first group shows the database group,
containing all database options for the profile. Within that group, there are groups for
database options and database tuning. You can edit this file with a text editor to change
what the profile does—all options available in the Web interface are also available by
editing the text file. Some advanced users do most of their profile editing with a text
editor, rather than using the Web interface. Advanced users also often write scripts which
edit or create profile files automatically, and then call Reporter using the command line to
use those profiles.

201

Blue Coat Reporter Configuration and Management Guide
Section A: About Configuration Files
You can still edit the profile from the Management Console, even to make modifications to
profiles you have changed with a text editor.
Important:

The Reporter Management Console re-creates the profile file using its own formatting;
therefore, do not use it if you have added your own comments or changed the text
formatting.

202

Appendix C:Configuration File Reference

Section B: Profile Options

Section B: Profile Options
This section documents all the options available in profiles that can be modified. These
generally consist of advanced settings that are not currently accessible from Reporter's
administrative interface. Profiles can be found in the Reporter program directory, in the
\LogAnalysisInfo\profiles\ folder.
Unless otherwise noted, these apply only to v7 profiles.
Important:

Profile options can be used on the command line only if a profile is specified with -p.

Default log date year
The year to use (for example, 2006) if the date format in the log data has no year
information.

Long Description
This option is used if the log date format is one of the few formats that does not include
year information. Reporter will use this option’s value as the year. For example, if the date
in the log is May 7 and this option value is 2006, then Reporter assumes that the log entry
is for May 7, 2006. The value of this option should be a four-digit integer between 1970
and 2030, or thisyear—if the value of this option is thisyear, Reporter fills in the current
year (the year in which the log data is processed) as the year.

Configuration Node Name
log.format.default_log_date_year

CLI Shortcut
dldy

Log data format
The format of the log data.

Long Description
Specifies the name of the log format of the log data. When this appears in a log format
description file, it defines the name of the format being described. When this appears in a
profile, it has no effect other than providing the name of the log format plug-in used to
create the profile. Reporter sets this option when a new profile is created.

Configuration Node Name
log.format.format_label

CLI Shortcut
fl

Log entry pool size
The number of log entries Reporter can work on simultaneously.

203

Blue Coat Reporter Configuration and Management Guide
Section B: Profile Options

Long Description
This controls the number of log entries Reporter can work on at a time. Increasing this
value can improve performance of DNS lookup. However, it will also use more memory.

Configuration Node Name
log.processing.log_entry_pool_size

CLI Shortcut
eps

Log reading block size
Size in bytes of the blocks that are read from the log.

Long Description
This controls the size in bytes of the blocks that are read from the log data. Reporter reads
the log data in chunks, processing each chunk completely before continuing to the next.
Larger settings will reduce the number of disk accesses, potentially speeding processing
time, but will also require the specified number of bytes of memory.

Configuration Node Name
log.processing.read_block_size

CLI Shortcut
rbs

Skip processed files on update
Skip files that have already been processed (judging by their filenames) during a database
update or add operation.

Long Description
This controls whether Reporter uses the filenames of log files to determine if the files have
already been added to the database. If this option is checked (true), then Reporter will
skip over any log files in the log source if it has already added a file with that name to the
database. This can speed processing, especially when using FTP, because Reporter does
not have to download or process the file data and use its more sophisticated checking
mechanism to see if the data has been processed. However, it will not work properly if
you have log files in your log source that are growing from update to update, or if you
have log files with the same name but that contain different data. If this option is off,
Reporter will handle those situations correctly, but it will have to download and examine
the log data of all files to do it.

Configuration Node Name
log.processing.skip_processed_filenames_on_update

CLI Shortcut
spfod

204

Appendix C:Configuration File Reference

Section B: Profile Options

Log processing threads
The number of simultaneous threads to use to process log data.

Long Description
This specifies the number of threads of execution to use to process log data. The threads
will execute simultaneously, each processing a portion of the log data, and at the end of
processing, their results will be merged into the main database. On systems with multiple
processors, using one thread per processor can result in a significant speedup of using a
single thread.

Configuration Node Name
log.processing.threads

CLI Shortcut
lpt

Actions email address(es) (v7 and v8)
The address(es) that Reporter should send e-mail to whenever an action completes (for
example, the database is built).

Long Description
This specifies the address or addresses Reporter should send e-mail to whenever an action
occurs, for instance when the database finishes rebuilding, updating, expiring, or when
HTML files are done being generated. If this option is non-empty, Reporter will send a
brief description of what it just finished doing, using the SMTP server specified by SMTP
Server Hostname. Multiple recipients can be specified with commas, for example,
“user1@mydomain.com,user2@mydomain.com,user3@mydomain.com”. If this option is
empty, Reporter will not send e-mail.

Configuration Node Name
network.actions_email_address

CLI Shortcut
aea

See Also
"SMTP Server Hostname (v7 and v8)" on page 209

DNS Server
The hostname or IP address of the DNS server to use to look up IP addresses in the log
data. For v8 profiles, as DNS relates to reports.

Long Description
This specifies the DNS server to use when looking up IP addresses in the log data (when
Look up IP numbers using domain nameserver (DNS) is true). This can be either a hostname or
an IP address of the DNS server. If this option is empty, and Reporter is running on a

205

Blue Coat Reporter Configuration and Management Guide
Section B: Profile Options
UNIX-type operating system, it will use the system’s default primary DNS server. On all
other platforms (including Windows), this option must be set when Look up IP numbers
using domain nameserver (DNS) is true.

Configuration Node Name
network.dns_server

CLI Shortcut
ds

DNS timeout (seconds)
Amount of time to wait for DNS response before timing out. For v8 profiles, as DNS
relates to reports.

Long Description
This option controls the amount of time Reporter waits for a response from a DNS
(domain nameserver) when attempting to look up an IP number during log processing.
The value is in seconds; so a value of 30 means that Reporter will give up after waiting 30
seconds for a response. Setting this to a low value might speed up your log processing, but
fewer of your IP numbers will be resolved successfully.

Configuration Node Name
network.dns_timeout

CLI Shortcut
dt

See Also
"Look up IP numbers using domain nameserver (DNS)" below

Look up IP numbers using domain nameserver (DNS)
Whether to look up IP numbers using a DNS, to try to compute their hostnames. For v8
profiles, as DNS relates to reports.

Long Description
When this is true (checked), Reporter attempts to look up the full domain name of IPs that
appear in the log as IP numbers (‘reverse DNS lookup”), using the DNS server specified
by the DNS Server and Secondary DNS Server options. The lookup is performed as the log
data is read, so if you change this option, you will need to rebuild the database to see the
effects. Looking up the IP numbers provides a more human-readable format for the IP
hosts, but requires a network access as frequently as once per line, so it can take much
longer than leaving them as IP numbers. There are several ways to improve the
performance of DNS lookup. The most important is to make sure Reporter has a fast
network connection to your DNS server; you can usually do this by running Reporter on
your Web server (as a CGI program, if necessary), rather than on your desktop system. It
might also be faster to configure the logging server to perform the domain name lookups,
rather than having Reporter do it.

206

Appendix C:Configuration File Reference

Section B: Profile Options

Configuration Node Name
network.look_up_ip_numbers

CLI Shortcut
luin

See Also
"Never look up IP numbers using domain nameserver" on page 214 and "Maximum
Simultaneous DNS Lookups" below

Maximum Simultaneous DNS Lookups
The maximum number of IP addresses that Reporter will attempt to lookup at the same
time. For v8 profiles, as DNS relates to reports.

Long Description
This specifies the maximum number of IP addresses that will be looked up
simultaneously. Setting this to a high value might increase DNS lookup performance, but
if you set it too high, you might exceed operating system limitations, and the log
processing could fail.

Configuration Node Name
network.maximum_simultaneous_dns_lookups

CLI Shortcut
msdl

Report email address(es)
The address(es) that Reporter should send statistics reports to.

Long Description
This specifies the address(es) Reporter should send e-mail statistics reports to, when the
reports are emailed from the Web interface, or the Scheduler sends a report, or when a
report is sent using the command line. Multiple recipients can be specified with commas,
for example, user1@mydomain.com,user2@mydomain.com,user3@mydomain.com. One
report will be emailed, with HTML formatting and embedded images, to the specified
address.

Configuration Node Name
network.report_email_address

CLI Shortcut
rea

Report to email (v7 and v8)
The name of the report that Reporter should send by e-mail.

207

Blue Coat Reporter Configuration and Management Guide
Section B: Profile Options

Long Description
This specifies the name of the report Reporter should send when it sends a report by email.

Configuration Node Name
network.report_to_email

CLI Shortcut
rte

See Also
"Report email address(es)" on page 207

Return email address (v7 and v8)
The return e-mail address that Reporter should use when sending e-mail

Long Description
This specifies the return address Reporter should specify when sending e-mail. Unless a
valid address is specified here, replies to Reporter's automatically generated emails will
bounce.

Configuration Node Name
network.return_address

CLI Shortcut
ra

See Also
"SMTP Server Hostname (v7 and v8)" on page 209

Secondary DNS Server
The hostname or IP address of the DNS server to use to look up IP addresses in the log
data, if the primary DNS server fails.

Long Description
This specifies a secondary DNS server to use when looking up IP addresses in the log data
(when Look up IP numbers using domain nameserver (DNS) is true). This can be either a
hostname or an IP address of the DNS server. If this option is empty, and Reporter is
running on a UNIX-type operating system, it will use the system’s default secondary DNS
server. On all other platforms (including Windows), this option must be set when Look up
IP numbers using domain nameserver (DNS) is true. This is used only if the primary DNS
server (DNS Server) does not respond.

Configuration Node Name
network.secondary_dns_server

208

Appendix C:Configuration File Reference

Section B: Profile Options

CLI Shortcut
sds

See Also
"DNS Server" on page 205.

SMTP Server Hostname (v7 and v8)
The hostname of an SMTP (sendmail) server Reporter should use when sending e-mail.

Long Description
This specifies the hostname of an SMTP server Reporter should use when sending e-mail.
This can either be just the hostname, in which case the default SMTP port of 25 is used, or
it can be hostname:port (for example, the hostname, followed by a colon, followed by the
port number), in which case hostname is used as the SMTP hostname, and port is used as
the SMTP port.

Configuration Node Name
network.smtp_server_hostname

CLI Shortcut
ssh

Use TCP to Communicate with DNS servers
True if Reporter should use TCP (rather than the more standard UDP) to communicate
with DNS servers. For v8 profiles, as DNS relates to reports.

Long Description
This specifies whether Reporter should use the TCP protocol when communicating with
DNS servers. DNS servers more commonly communicate using UDP, and UDP is
generally faster, but in some cases it could be preferably to use TCP instead (for instance,
if your DNS server is accessible only by TCP due to its configuration or network location).

Configuration Node Name
network.use_tcp_for_dns

CLI Shortcut
utfd

Number thousands divider (v7 and v8)
A divider to separate thousands in displayed numbers.

209

Blue Coat Reporter Configuration and Management Guide
Section B: Profile Options

Long Description
This option specifies the value to separate thousands in displayed numbers. For example,
if this option is empty, a number might be displayed as 123456789. If the value of this
option is a comma (,), the number is 123,456,789. If it is a period (.), the number is
123,456,789. If it is a space, the number is 123 456 789. This can be used to localize number
divisions.

Configuration Node Name
output.number_thousands_divider

CLI Shortcut
ntd

Number of seconds between progress pages (v7 and v8)
The number of seconds between progress pages.

Long Description
This controls the number of seconds that elapse between the progress pages or commandline progress indicators, which appear when the progress display is enabled.
The progress (p) option controls whether a progress indicator appears during long
operations (such as reading a large log file).

Configuration Node Name
output.progress_page_interval

CLI Shortcut
ppi

See Also
"Report Filter Syntax" on page 228.

Allow viewers to rebuild/update database
Allow all statistics viewers to rebuild/update the database.

Long Description
When this option is checked (true), anyone viewing the statistics for the profile can
rebuild or update the database, using the rebuild/update links in the reports. When this
option is unchecked (false), only administrators will be able to use those links—the links
will not be visible for non-administrative viewers.

Configuration Node Name
security.allow_viewers_to_rebuild

CLI Shortcut
avtr

210

Appendix C:Configuration File Reference

Section B: Profile Options

Cache reports (v7 and v8)
True if reports should be cached for faster repeat display.

Long Description
This controls whether reports are cached on disk. When this option is true, reports are
saved on the disk, so if the exact same report is requested again later, it can be quickly
generated without requiring database access or report generation. When this option is
false, reports are regenerated every time they are viewed. Caching uses additional disk
space, so it might be useful to turn this off if disk space is at a premium.

Configuration Node Name
statistics.miscellaneous.cache_reports

CLI Shortcut
cr

Session timeout (seconds)
The interval after which events from the same user are considered to be part of a new
session.

Long Description
This controls the amount of time a session can be idle before it is considered complete.
This affects the display of session-based statistics reports such as the sessions overview, and
the entry/exit page views. Sessions are considered ended when a user has not contributed
an event in the number of seconds specified here. For instance, if this interval is 3600 (one
hour), then if a user does not contribute an event for an hour, the previous events are
considered to be a single session, and any subsequent events are considered to be a new
session.

Configuration Node Name
statistics.miscellaneous.session_timeout

CLI Shortcut
st

Maximum session duration (seconds)
The maximum duration of a session; longer sessions are discarded from the session
information.

Long Description
This controls the maximum length of a session in the session information. This affects the
display of session-based statistics reports such as the sessions overview, and the entry/exit
page views. Sessions longer than the value specified will be ignored, and will not appear
in the session information. This option is useful because some large ISPs and other large
companies use Web caches that effectively make all hits from their customers to appear to
be coming from one or just a few computers. When many people are using these caches at
the same time, this can result in the intermixing of several true sessions in a single

211

Blue Coat Reporter Configuration and Management Guide
Section B: Profile Options
apparent session, resulting in incorrect session information. By discarding long sessions,
which are probably the result of these caches, this problem is reduced. Also, long visits are
often the result of spider visits, which are usually not useful in session reporting. The
problem with caches can be eliminated entirely by configuring your Web server to track
true sessions using cookies, and then configuring Reporter to use the cookie value (rather
than the hostname field) as the visitor ID. Setting this option to 0 removes any limit on
session duration, so all sessions will be included.

Configuration Node Name
statistics.miscellaneous.maximum_session_duration

CLI Shortcut
msd

First weekday
The first weekday of the week (0=Sunday, 1=Monday, ...).

Long Description
This controls the weekday that is considered the first day of the week. The first weekday
will be the first column in calendar months and it will be the first row in weekday tables.
Use 0 for Sunday, 1 for Monday, 2 for Tuesday, 3 for Wednesday, 4 for Thursday, 5 for
Friday, and 6 for Saturday.

Configuration Node Name
statistics.miscellaneous.first_weekday

CLI Shortcut
fw

Marked weekday
The weekday that appears marked in calendar months displays (0=Sunday, 1=Monday,
...).

Long Description
This controls the weekday that appears in a different color in calendar months displays.
The marked weekday will be displayed in a different color than the other weekdays, for
instance, weekday = 0 will display the “S” for Sunday in red color. Use 0 for Sunday, 1 for
Monday, 2 for Tuesday, 3 for Wednesday, 4 for Thursday, 5 for Friday, and 6 for Saturday.

Configuration Node Name
statistics.miscellaneous.marked_weekday

CLI Shortcut
mw

212

Appendix C:Configuration File Reference

Section B: Profile Options

Log entry name (v7 and v8)
The word to use to describe a log entry.

Long Description
This option specifies the word used to refer to a single log entry. For example, for Web log,
this might be hit, or for e-mail logs it might be message. This option is set in the log
format plug-in, and does not need to be changed unless you are creating a new plug-in.
This will appear in various places in statistics pages.

Configuration Node Name
statistics.miscellaneous.entry_name

CLI Shortcut
en

Expand paths greater than this
The number of sessions through a path that causes the path to be expanded with “expand
all” or in offline (static) statistics.

Long Description
This is the number of sessions that are required for a path to be expanded in the paths
view when Expand all is clicked in statistics, or in offline (Generate HTML Files) statistics.
The paths view appears with all path segments (arrows) larger than this value expanded;
all paths smaller than this value is collapsed. If you set this value too small, your paths
page could be extremely large.

Configuration Node Name
statistics.sizes.expand_paths_greater_than

CLI Shortcut
epgt

213

Blue Coat Reporter Configuration and Management Guide
Section C: Preference Options

Section C: Preference Options
This section documents all the options available in the preferences configuration file that
can be modified. The preferences configuration file can be found in the Reporter program
directory at \LogAnalysisInfo\preferences.cfg.
Unless otherwise noted, these apply only to v7 profiles.

Never look up IP numbers using domain nameserver
Whether to ever try to look up hostnames of IP-numbered hosts

Long Description
When this is true (checked), Reporter never attempts to look up hostnames from IP
numbers; it uses IP numbers for everything. When this is false (unchecked), it attempts to
look up the local hostname when it starts a Web server, and it attempts to look up the
hostname of any host which accesses it by HTTP, and it looks up the hostname of any host
it encounters in the logs (if Look up IP numbers using domain nameserver (DNS) is true).
This option is useful if there is no local Domain Name Server (for instance, if the computer
running Reporter is not connected to a network and is not itself running a DNS).

Configuration Node Name
preferences.miscellaneous.never_look_up_ip_numbers

CLI Shortcut
nluin

Only look up IP numbers for log entries
Look up IP numbers only when they appear in logs, not for local server or remote
browsing computer

Long Description
When this is true (checked), Reporter looks up the hostnames of IP numbers using DNS
only when they appear in a log file and Look up IP numbers using domain nameserver
(DNS) is on. When this is false (unchecked), Reporter still looks up numbers in log files,
but also looks up the hostname of the computer Reporter is running on, and the
hostnames of computers using Reporter through Web browsers. This option is useful
because when it is true, Reporter never performs any network access, so it can be run on a
computer with a dial-up connection without having to be dialed in. When this option is
false, Reporter performs a DNS lookup when it first starts and when other computers
access it, so it must be permanently connected to the Internet (or using a DNS server on
your local network).

Configuration Node Name
preferences.miscellaneous.only_look_up_log_ip_numbers

CLI Shortcut
olulin

214

Appendix C:Configuration File Reference

Section C: Preference Options

Logout URL
The URL to go to on logout; if empty, goes to login screen

Long Description
This specifies the URL that Reporter sends you to when you log out of Reporter. If this
option is blank, it will send you to the Reporter login screen.

Configuration Node Name
preferences.miscellaneous.logout_url

CLI Shortcut
lu

Temporary files lifespan (seconds) (v7 and v8)
Amount of time to keep temporary files before deleting them (in seconds)

Long Description
This option controls the amount of time, in seconds, Reporter keeps temporary files before
deleting them. Temporary files include temporary profiles (used to browse statistics) and
temporary images (used to embed images in statistics pages). Setting this to a high
number will ensure that temporary images are around as long as they are needed, but will
use more disk space.

Configuration Node Name
preferences.miscellaneous.temporary_files_lifespan

CLI Shortcut
tfl

Trusted hosts (v7 and v8)
The hostnames of computers which are "trusted," and do not need to enter passwords

Long Description
This is a list of the hostnames of computers which are trusted. Hostnames should be
separated from each other by spaces. Any browsing host which contains any of the listed
hostnames as part of its hostname will be trusted, so entire subdomains can be trusted by
entering the domain. Example:
trusted.host.com 206.221.233.20 .trusteddomain.edu

Browsers from these hosts will not be required to enter any passwords—they will be
automatically validated. Use this option with caution—it simplifies the use of Reporter by
eliminating all password screens for the administrative host, but can potentially be a
security hole, if someone uses or spoofs the administrative machine without permission.
If you are connecting from a trusted host, it might be difficult to remove that trusted host
using the Web interface, because Reporter will refuse to allow you administrative access
to change the trusted host, because your host will no longer be trusted. One solution to

215

Blue Coat Reporter Configuration and Management Guide
Section C: Preference Options
this is to modify the preferences.cfg file (in the LogAnalysisInfo folder) manually, with a
text editor, to remove the trusted host. Another solution is to connect from another
system, log in normally, and remove the trusted host that way.

Configuration Node Name
preferences.security.trusted_hosts

CLI Shortcut
th

Show full operating system details in errors (v7 and v8)
Show full operating system version details in the text of error messages

Long Description
This controls whether Reporter displays the full operating system version details in error
message. It is useful for Reporter to do this because this helps to debug problems when
they are reported. However, full operating system details could be of use to someone
attempting to gain unauthorized access to your server, since it would allow them to
determine if you are running a vulnerable version of the operating system. This should
not be an issue if you keep your operating system up to date, but if you'd rather that this
information not be public, you should turn this option off.

Configuration Node Name
preferences.security.show_full_operating_system_details_in_errors

CLI Shortcut
sfosdie

Authentication command line (v7 and v8)
The command line to run to authenticate users.
Important: This poses a security risk, as someone can exploit the connection and launch a
malicious attack.

Long Description
This specifies a command line that Reporter runs when it authenticates users. The
command line program must accept two parameters: the username and the entered
password. The command line must print the names of the profiles that the user is
permitted to access, one name per line. A printed value of *ADMIN* means that the user
is an administrator, and can access any profile, as well as accessing the administrative
interface (any other response, and the administrative interface will not be available). A
printed value of *FAILED* means that the username/password authentication failed.
If this option is blank, Reporter uses the users.cfg file (in LogAnalysisInfo) to authenticate
users.

Configuration Node Name
preferences.security.authentication_command_line

216

Appendix C:Configuration File Reference

Section C: Preference Options

CLI Shortcut
acl

LogAnalysisInfo folder location (v7 and v8)
A folder where Reporter can store profiles and other information

Long Description
This specifies a local folder where Reporter can store profiles, databases, preferences, and
other information. This folder must exist and be writable by Reporter, or must be in a
folder which is writable by Reporter (so Reporter can create it). If this option is empty,
Reporter assumes that the folder is named LogAnalysisInfo, and is found in the same folder
as Reporter. If a file named LogAnalysisInfoDirLoc exists in the same folder as Reporter, the
contents of that file are used as the pathname of this folder, and this option is ignore. If the
environment variable LOGANALYSISINFODIR is set, its value is used instead, and this
option is ignored.

Configuration Node Name
preferences.server.log_analysis_info_directory

CLI Shortcut
laid

Web server port (v7 and v8)
The port to listen on as a Web server

Long Description
This specifies the port Reporter should listen on when it runs as a Web server.

Configuration Node Name
preferences.server.web_server_port

CLI Shortcut
wsp

Maximum simultaneous tasks
Maximum number of simultaneous Web tasks (threads of execution) that Reporter will
perform.

Long Description
This specifies the maximum number of simultaneous tasks (threads of execution) that
Reporter will perform at a time, in Web server mode. When a user attempts to use the
built-in Web server, Reporter will check if there are already this many threads or
connections actively in use. If there are, Reporter will respond with a too busy page.
Otherwise, the connection will be allowed. This prevents Reporter from becoming
overloaded if too many people try to use it at the same time, or if one user works it too
hard (for instance, by rapidly and repeatedly clicking on a view button in the statistics).

217

Blue Coat Reporter Configuration and Management Guide
Section C: Preference Options

Configuration Node Name
preferences.server.maximum_number_of_threads

CLI Shortcut
mnot

Maximum CPU usage percent
Percent of CPU time to use while processing log data

Long Description
This controls how much CPU (processor) time Reporter uses while it is processing log
data. If this is set to 100, Reporter will use as much CPU time as possible, resulting in
highest performance. If this is set to 50, Reporter will pause for one second every second
of processing when possible, resulting in an average CPU usage of 50%; all tasks will take
twice as long to complete. Any value from 1 to 100 is allowed, and on most platforms
Reporter will use the requested percentage of the CPU, but on some platforms (especially
older platforms), any value other than 100% will cause Reporter to use 50% of the CPU.
Lower values can be useful in environments where other users or processes need higher
priority than Reporter, and where the operating system's own priority mechanisms are
not enough to provide that. In general, you should leave this at 100 unless Reporter's CPU
usage is causing problems, and when possible you should use the operating system's own
priority mechanism (for example, nice for UNIX style systems, or the Task Manager in
Windows) to set the process priority lower, rather than using this option. Process
management is best performed by the operating system—individual processes like
Reporter cannot manage themselves nearly as well as the operating system can manage
them.

Configuration Node Name
preferences.server.maximum_cpu_usage_percent

CLI Shortcut
mcup

Web server IP address
The IP address on which to run Blue Coat Reporter's Web server.

Long Description
This specifies the IP address on which Blue Coat Reporter should run its Web server.
Reporter uses all available IPs by default, but if you want to have Reporter's Web server
bind only to a specific IP, you can set this option. Blue Coat Reporter uses the IP address
you specify here as the IP address the server runs on.

Configuration Node Name
preferences.server.server_hostname

CLI Shortcut
sh

218

Appendix D:Using Reporter from the Command Line Interface

Blue Coat Reporter can be directly invoked from the command line interface (CLI).
For instance, you might prefer to build and update your profile databases from the CLI,
avoiding the overhead of the Web interface. For example, the following command
rebuilds a profile database:
bcreportercl -p profile_name -a bd

where profile_name represents the name of your profile.
This command updates a profile database:
bcreportercl -p profile_name -a ghf

This command specifies a profile which is to be used for the current command-line
command. This is typically the first option on any command line that deals with a
particular profile; for example, you might use -p myconfig -a bd to rebuild a
database for the profile CorpUsers.
If this option is a full pathname of an existing file, that file is read as a profile file;
otherwise, Reporter treats it as the name of a profile in the profiles subfolder of the
LogAnalysisInfo folder. If that does not exist either, Reporter scans all profiles in that
directory to see if the label of the any profile matches the specified value, and uses that
profile if it matches.

The Blue Coat Reporter Command Line
The Reporter CLI accepts a wide variety of options, including any preference options
and any options that can be put into a profile file.
Every option has a location in the configuration hierarchy; that is, the page header for
the profile CorpUsers is at
profiles.corpusers.statistics.miscellaneous.page_header, which means that
it is an option in the miscellaneous group of the statistics group of the CorpUsers profile
(corpusers.cfg) in the profiles folder of LogAnalysisInfo folder. After you know the full
name of the option, you can use it on the command line. For example, to override that
value of that option for the duration of the command line action, add this to the
command line:
-profiles.corpusers.statistics.miscellaneous.page_header "SOME
HEADER"

If you have specified the -p option on the command line (as you usually must), you can
also shorten the option, as follows:
-statistics.miscellaneous.page_header "SOME HEADER"

Most options also have shortcuts, and if you know the shortcut, you can use that on the
command line, as follows:
-ph "SOME HEADER"

In most cases, the shortcut is the first letter of each word in the option name (for
example, ph for page_header), but there are a few exceptions where non-standard
shortcuts were required because two options would have had the same shortcut. Some
options also have no shortcuts; in that case, the full option name must be used.

219

Blue Coat Reporter Configuration and Management Guide

Command-line options can be specified by typing them after the executable name (on
Windows, make sure you use the command line executable, bcreport) on the command
line as shown below. To improve ease of reading, a hyphen (-) can be added to the
beginning of any profile option.
The example below is a sample command line that checks the log data from a profile, and
adds any new log data into the existing database for that profile.
bcreporter -p myconfig -a ud

The -p option (profile to use) specifies the profile name; the -a option (Action) specifies
the action. Most command lines include a -p and an -a.

Overriding Profile Options from the Command Line
On the command line, you can modify these options by listing the groups, separated by
dots. For instance, if you wanted to use a hash table size of 8192, you could add this to the
command line:
-database.tuning.hash_table_starting_size 8192

Command line options are listed with a dash followed by the name or shortcut of the
option; followed by a space and the option value. Any profile options can be overridden
in this way. Command-line overrides persist only for the duration of that command-line
action—they do not result in permanent modifications of the profile file.

Building and Updating Databases from the Command Line
You can build and update databases from the Web interface, but in some cases you might
prefer to use the command line to build or update databases. The command line is useful
if you want to automatically and regularly update the database with the latest log entries
(this can also be done from the Scheduler; see "Section F: Configuring the Reporter
Scheduler" on page 97). For instance, it is possible to set up a cron job on a Linux system to
automatically update the database every day with the previous day’s log. The command
line would look something like this:
bcreporter -p configname -a ud

This command line updates the database for the profile name.

About Progress Indicator
When Reporter is used from the command line, this option causes it to show a single-line
text progress indicator. There is not enough room on a single 80-character line to show all
the information that is shown on the Web interface progress page, but Reporter shows the
most important parts:
G:[@@@@@@@@@@ ]47% 643779e E00:20:42 R00:20:01 25M/1976k

The first character (G in this case) is the first letter of the full description of the current
operation, as it would appear in the Web interface view. For instance, in this case the G
stands for “Getting data by FTP.” Other common operations are “(R)eading data” (from a
local file or command) and “(E)rasing database.”
The section in brackets is a progress meter, which gradually fills as the task progresses,
and is completely full at the end. The percentage following the brackets is the percentage
of the task that is now complete. If Reporter cannot determine the length of the task (for
instance, if it is processing gzipped log data, or bzipped log data, or log data from a
command), then it will not show anything in the bar area, and it will show ??% as the
percentage.

220

Appendix D:Using Reporter from the Command Line Interface

The next section (643779e in the example above) is the number of log entries that Reporter
has processed.
The next section (E00:20:42 in the example above) is the time elapsed since processing
began, in hours:minutes:seconds format. That is followed by the estimated time
remaining, (R00:20:01 above), in the same format. If Reporter cannot determine the
length of the task, the time remaining will be R??:??:??.
The last two numbers (25M/1976k above) are the memory used by the database (25M in
this case), and the disk space used by the database (1976 k in this case). Note that this is
just the memory used by this database; Reporter itself will be using additional memory
for other purposes, so the total Reporter memory usage will be higher than this number.

Command Line Options
The following pages give descriptions of the command-line options. All examples use the
executable name for the Windows version of Blue Coat Reporter, BCReporterCL.exe.
When running Reporter under Linux, the name for the Reporter executable is
bcreporter.
The command line options are broken into five sections:


"Managing the Database Managing the Database"



"Getting Profile Information Getting Profile Information"



"Generating Reports Generating Reports"



"Command Line Debug Output Command Line Debug Output"



"Report Filter Syntax Report Filter Syntax"

The commands in sections A, B, and C typically utilize a common command syntax. Each
command requires the profile name to be specified using the -p argument. Each
command also requires an action to be specified using the -a argument. Most commands
can optionally take a filter argument, -f.
The syntax for creating command line filters is documented in Section E. Other optional
and command specific arguments are noted for each command.
Section D covers other run-time and debug settings that can be specified using the
command line

221

Blue Coat Reporter Configuration and Management Guide

Section A: Managing the Database
This section applies to v7 profiles.

build_database (bd)
This builds or rebuilds the database from the log data, erasing any data already in the
database.
Syntax
BCReporterCL.exe -p profile_name -a bd

merge_database (md)
This merges the contents of a database (specified with Merge database directory) into
the current database. After it completes, the current profile's database will contain all
the information it contained prior to the merge, plus the information in the added
database.
This specifies the database directory for a database to merge into the current database.
This is used together with -a md to add the contents of a second database to the current
database. The second database must have the exact same structure as the first—the
easiest way to ensure that is to use the same profile file to build both.
Syntax
BCReporterCL -p profile_name -a md -mdd database_merge_directory

print_database_statistics (pds)
This displays statistics on the database for a profile (specified with the -p
profile_name). It is useful for tuning and debugging memory and disk usage.
Syntax
BCReporterCL.exe -p profile_name -a pds

print_items (pi)
This displays (to the command-line console) all item values for the database field
specified with the -fn option.
Syntax
BCReporterCL.exe -p profile_name -a pi -fn dbfieldname

rebuild_cross_reference_tables (rcrt)
This rebuilds the cross-reference tables of the database from the main table (without
processing any log data). It is much faster than rebuilding the database. It can be useful
if you have modified the cross-reference table settings and want to update the crossreference tables to reflect the new settings, but don't want to rebuild the database.
Syntax
BCReporterCL.exe -p profile_name -a rcrt

222

Appendix D:Using Reporter from the Command Line Interface

Section A: Managing the Database

rebuild_database_hierarchies (rdh)
This rebuilds the hierarchy tables of the database.
Syntax
BCReporterCL.exe -p profile_name -a rdh

rebuild_database_indices (rdi)
This rebuilds the indices of the main table.
Syntax
BCReporterCL.exe -p profile_name -a rdi

remove_database_data (rdd)
This expires all data from the database that is in the filter set specified by Statistics filters.
Syntax
BCReporterCL -p profile_name -a rdd -f {filter}

Example
Remove entries before November 4th, 2005:
C:\Program Files\Blue Coat Reporter>BCReporterCL -p profile_name -a
rdd -f (date_time < "04/Nov/2005 00:00:00")

update_database (ud)
This adds the log data to the database, while also leaving any existing data in the
database.
Syntax
BCReporterCL -p profile_name -a ud

223

Blue Coat Reporter Configuration and Management Guide

Section B: Getting Profile Information
This section describes the commands used to get information about a specific profile.
For example, using these commands you can obtain available report names or database
field names for a profile. These are the names you would then use for arguments in
"Generating Reports Generating Reports", and "Report Filter Syntax Report Filter
Syntax".

list_database_fields (ldf)
This displays (to the command-line console) a list of the internal names of the database
fields in the specified profile (specified with the -p profile_name). These names can
be used for report filters.
Syntax
BCReporterCL.exe -p profile_name -a ldf

list_log_fields (llf)
This displays (to the command-line console) a list of the internal names of the log fields
in the specified profile (specified with the -p profilename). These names can be used for
log filters.
Syntax
BCReporterCL.exe -p profile_name -a llf

list_profiles (lp)
This displays (to the command-line console) a list of the internal names of all profiles.
These names can be used for command-line options that call for profile names.
Syntax
BCReporterCL.exe -p profile_name -a lp

list_reports (lr)
This displays (to the command-line console) a list of the report in the specified profile
(specified with the -p profile_name). These names can be used for command-line
options that call for report names (such as -rn).
Syntax
BCReporterCL.exe -p profile_name -a lr

224

Blue Coat Reporter Configuration and Management Guide

Section C: Generating Reports
This section discusses various methods to generate reports using the Reporter
command line. Reporter can generate CSV files, HTML reports, or send e-mail using
the command line.
These commands all optionally take filter arguments to limit the reports to specific
data. For details on how to write report filters using the command line, see "Report
Filter Syntax Report Filter Syntax".

export_csv_table (ect)
This exports a view table as CSV text. The report to export is specified by Report name
(rn), and is written to the standard output stream, so this is useful only in commandline mode.
Syntax
BCReporterCL -p profile_name -a ect -rn report_name [> filename] [-f
filter]

Example
Output a CSV file of the URL report from the profile_name profile to out.csv:
C:\Program Files\Blue Coat Reporter>BCReporterCL -p profile_name -a
ect -rn url > out.csv

generate_all_report_files (garf)
This generates HTML statistics pages for all reports and the associated images into the
folder specified by Generate HTML report files to folder. The files and images are linked
properly, so the HTML can be browsed directly from the resulting folder. This allows
statistics to be browsed off-line, without having to run Reporter to generate each page.
Reporter generates statistics pages into this folder. This option determines what folder
the files are generated in.
Syntax
BCReporterCL -p profile_name -a garf -rn report_name -ghtd path [-f
filter]

Example
C:\Program Files\Blue Coat Reporter>BCReporterCL.exe -p profile_name
-a garf -ghtd C:\output\

generate_report_files (grf)
This generates HTML statistics pages for a particular report (specified by Report name),
and the associated images, into the folder specified by Generate HTML report files to folder.
The files and images are linked properly, so the HTML can be browsed directly from
the resulting folder. This allows one report to be browsed off-line, without having to
run Reporter to generate each page.
Reporter generates statistics pages into this folder. This option determines what folder
the files are generated in.

225

Blue Coat Reporter Configuration and Management Guide
Section C: Generating Reports
Syntax
BCReporterCL.exe -p profile_name -a grf -rn report_name -ghtd
output_directory [-f filter]

Example
C:\Program Files\Blue Coat Reporter>BCReporterCL.exe -p profile_name a grf -rn cs_username -ghtd d:\reporter7\

print_values (pv)
This displays (to the command-line console) the numerical field values for a particular
filter set.
Syntax
BCReporterCL.exe -p profile_name -a pv

send_report_by_email (srbe)
This sends a statistical report using HTML e-mail. The report is sent to Report email
address(es) with return address Return email address using SMTP Server Hostname. The
report to send is specified by Report to email.
Syntax
BCReporterCL -p profilename -a srbe -rn report_name -rca to:email -rna
from:email -res email_subject -ss smtp_server [-f filter] [-df
datefilter]
rn - reportname
rca - destination email address
rna - 'from' email address
res - "email subject line"
ss - smtp server

226

Blue Coat Reporter Configuration and Management Guide

Section D: Command Line Debug Output
The types of command-line output to generate.
This controls the types of debugging output generated during a command-line action.
This option is a sequence of letters, each representing a particular type of commandline output. If the letter corresponding to a type is present in the sequence, that type of
output will be generated; if it is not present, that type of output will not be generated.
The types, and their corresponding letters, are:


e: Error message output.



g: Generate Blue Coat Reporter logo (banner) output.



b: Built-in Web server basic output.



P: Progress indicator (command line and Web).



w: Built-in Web server debugging output.



f: Filter debugging output.



p: Log parsing debugging output.



i: Database I/O debugging output.



d: Database access debugging output.



D: Detailed database access debugging output.



s: Statistics generation debugging output.



l: Log reading debugging output.



a: Administrative debugging output.



m: Language module debugging output.



n: DNS debugging output.



N: Detailed DNS debugging output.



t: Network debugging output.



q: SQL query debugging.



o: Add a timestamp to every output line.

For instance, a value of eW will show only error messages and basic Web server output.
A value of elbwfpidDslamnNtqo will show all possible output.
Important:

You must also specify the CLI progress indicator shortcut (-v) in conjunction with the
debugging output commands.
CLI Shortcut
-v

Syntax
BCReporterCL -v {options}

Example:
BCReporterCL -v elbwfpidDslamnNtqo

227

Blue Coat Reporter Configuration and Management Guide
Section E: Report Filter Syntax

Section E: Report Filter Syntax
Filters used in reports take a special variant syntax that allows only certain operations.
Subroutines are not allowed, and only database field names are allowed as variables. Only
strings are allowed as constants. The , <=, and => operators are permitted for the
date_time field only. The inside, matches, and matches_regexp operators are permitted
for any field. Expressions can be combined using and, or, and not; arbitrary parentheses
are permitted to allow any combinations. No other syntax is permitted.
This syntax is typically used when generating reports using the command line or
specifying Extra options from the Scheduler (see "Section F: Configuring the Reporter
Scheduler" on page 97 for information about using filters with Scheduler).

Report Statistics Filters
Report statistics filters specify the filters to use when showing a report; i.e., they filter out
all data not matching this expression, so only part of the data is reported.
The value of this option is an expression using configuration language syntax. This syntax
starts with -f and uses two sets of quotes, as follows: use a set of double quotes (") around
the entire filter expression, and use single quotes (') inside the filter expression.
However, only a subset of the configuration language syntax is available for this option.
Specifically, the option can use the following syntax in the following formats:


within: for example:
-f "(page within '/directory')"

-or-f "(date_time within '__/Jan/2006 __:__:__')"


, <=, >=: for date/time field only, for example:
-f "(date_time < '01/Jan/2006 00:00:00')"



and: between any two expressions to perform the boolean 'and' of those expressions



or: between any two expressions to perform the boolean 'or' of those expressions



not: before any expression to perform the boolean 'not' of that expressions



matches: wildcard matching, for example:
"(cs_uri_path matches '/index.*')"



matches_regexp: regular expression matching, for example:
"(cs_uri_path matches_regexp '^/index\\..*$')"

Date/time filters are always in the format dd/mmm/yyyy hh:mm:ss; underscores are used
as wildcards, to match any value in that position. For instance, '15/Oct/2006 __:__:__'
refers to a single day, and '__/Oct/2006 __:__:__' refers to a month, and '__/___/Oct
__:__:__' refers to a year.
Examples
To show only events from October, 2006:
-f "(date_time within '__/Oct/2006 __:__:__')"

To show only events within the page directory /picts/:
-f "(cs_uri_path within '/picts/')"

228

Appendix D:Using Reporter from the Command Line Interface

Section E: Report Filter Syntax
To show only events from October, 2006, for the user BobKent:
-f "((date_time within '__/Oct/2006 __:__:__') and (cs_username within
'BobKent'))"

To show only events from October 4, 2006 through October 10, 2006:
-f "((date_time >= '04/Oct/2006 00:00:00') and (date_time < '10/Oct/
2006 00:00:00'))"

To show only events with source port ending with 00:
-f "(cs_uri_port matches '*00')"

To show only events with source port ending with 00, or with destination port not ending
in 00:
-f "((cs_uri_port matches '*00') or not(s_port matches '*00'))"

To show only events with server_response 404, and on pages whose names contain three
consecutive digits:
-f "((sc_status inside '404') and (cs_uri_path matches_regexp '[09][0-9][0-9]'))"

Configuration Node Name
command_line.filters

CLI Shortcut
-f

Cross Referencing and Simultaneous Report Filters
Reporter lets you zoom in using complex filters, for instance to break down the events on
any particular day by page (in a Web log, to see which pages were hit on that day), or to
break down the events on any page by day (to see which days the page was accessed).
Reporter can be configured to allow this sort of cross-referencing between any or all fields
in the database. This zooming ability is always available, but without cross-reference
tables it must scan the entire main table to compute results, which can be slow for large
datasets. Cross-reference tables provide roll-ups of common queries, so they can be
computed quickly without reference to the main log data table.
Cross-references are not an enabling feature, as they were in earlier versions of Reporter—
all reports are available, even if no cross-reference tables are defined. Cross-reference
tables are an optimizing feature, which increase the speed of certain queries.
Another way of looking at this feature is in terms of filters; when two fields are crossreferenced against each other, Reporter is able to apply filters quickly to both fields at the
same time, without needing to access the main table.
If two fields are not cross-references against each other, Reporter can apply filters to one
field or the other quickly, but filtering both simultaneously requires a full table scan. If the
page field is not cross-referenced against the date/time field, for instance, Reporter can
quickly show the number of hits on a /myfile.html, or the number of hits on Jun/2004,
but not the number of hits on /myfile.html which occurred during Jun/2004 (which
requires a full table scan). This means not only that Reporter cannot quickly show a page
with filters applied to both fields in the Filters section, but also that Reporter cannot
quickly show pages report when there is a filter on the date/time field, or a years/
months/days or days report when there is a filter on the page field, since the individual
items in these views effectively use simultaneous filters to compute the number of hits.

229

Blue Coat Reporter Configuration and Management Guide
Section E: Report Filter Syntax

230

Appendix D: About Upgrading

This appendix describes how to prepare your system to upgrade Blue Coat Reporter
from previous versions.

About Profile Compatibility
v8.2.x to v8.3.x
A system running Reporter 8.2.x can be upgraded directly to v8.3.x. When you log in
and access a profile, it is automatically updated and contains the v8.3.x features.
Important:

You cannot access the databases from v8.2.x after running them in v8.3.x.

v8.1.x to v8.3.x
If you have backup copies of your logs, you can uninstall the current version of
Reporter, install v8.3.x, and re-process the old logs.
Reporter 8.3.x does not support databases or profiles created from v8.1.x. To continue to
access databases created by pre-8.2.1 releases of Reporter, convert previous-version
databases before using them with Reporter 8.3.x. Blue Coat provides a database
converter. Read the v8.1.1 to v8.2.1 upgrade section in the Blue Coat Reporter 8.3.x
Release Notes to learn about this procedure. You must then upgrade to Reporter 8.2.x
before upgrading to 8.3.x.

v7.x to v8.3.x
Existing 7.1.x profiles and databases are not compatible with Reporter 8.2.2.x. If you are
running any versions before Reporter 8.2.1.x, you must upgrade to v8.1.1.x before
upgrading to v8.2.2.x:
1.

Run the upgrade preparation script (as described in the “Upgrade Options (7.x or
8.1.x to 8.3.x)” section below).

2.

Upgrade to Reporter 8.1.1.x.

3.

Remove the Reporter 7.1.x version from your system.

4.

Run the database converter.

5.

Upgrade to Reporter 8.2.2.x.

Windows
The new InstallShield install for Reporter 8.2.x automatically detects (if installing to the
previous install location) the LogAnalysisInfo folder and renames it to
LogAnalysisInfo.old. Installations of Reporter 8.2.2.x are compatible with the newer
profile and database formats, so no rename is required.

231

Blue Coat Reporter Configuration and Management Guide

Linux
Rename the LogAnalysisInfo folder (for example: LogAnalysisInfo.old) before running the
.tar file.

Upgrade Options (7.x or 8.1.x to 8.3.x)
There are two methods for upgrading:


"Upgrade Preparation Option A: Running a Script"



"Upgrade Preparation Option B: Performing Tasks Manually"

Note: Both upgrade procedures retain your existing preferences, schedules, and users.

Upgrade Preparation Option A: Running a Script
This section describes how to run a Blue Coat-provided script that performs the following
tasks that prepares a system that is currently running Reporter 7.1.x for Reporter 8.2.1.x
installation:


Stops and removes the existing Blue Coat Reporter Service.



Renames the existing Reporter 7 installation.



Renames the existing Reporter 7 shortcuts on the Windows Start Menu.



Removes the Reporter 7 registry entries.



Saves existing preferences (preferences.cfg) to a SavedFiles folder.

To upgrade using the script process:
1.
2.

Refer to the Blue Coat Reporter 8.2.x Release Notes for the download link. Copy the
script, BCRupgrade, to a local folder on your hard drive.
Open a command prompt and navigate to the same folder. Enter the command:
bcrupgrade.

3.

The utility prompts you for confirmation of your existing Reporter installation and
prompts for confirmation before it begins the procedure.

4.

When the script is finished, you can proceed with the installation of Reporter 8.2.x, as
described in Chapter 2: “Installation” on page 11.

5.

After completing the installation, copy the C:\Program Files\Blue Coat
Reporter\SavedFiles\preferences.cfg file back into the C:\Program Files\Blue Coat
Reporter\LogAnalysisInfo folder.

When you access Reporter 8.2.1.x, all of your existing schedules, databases, and users are
retained.

Upgrade Preparation Option B: Performing Tasks Manually
This section describes how to manually perform tasks that prepares a system that is
currently running Reporter 7.1.x for Reporter 8.2.1.x installation. This method allows you
to create a Reporter folder other than the default.
Stop the Blue Coat Reporter service:
Perform one of the following:

232

Appendix D:About Upgrading



Windows 2000/2003:
a.

Select Start > Control Panel > Administrative Tools > Services applet. -orSelect Start > Run; in the Open field, enter services.msc; click OK.

b.


Right-click the Blue Coat Reporter service and select Stop.

Windows XP:
a.

Select Start > Control Panel > Performance and Maintenance > Administrative
Tools; double-click the Services applet. -orSelect Start > Run; in the Open field, enter services.msc; click OK.

b.


Select the Blue Coat Reporter service and click Stop the service.

Windows 2000/2003/XP: Run the following two commands from a command
prompt:
net stop "Blue Coat Reporter"
sc delete bcreporterservice

Note: The sc.exe utility used above is available for Windows 2000 as part of the
Windows 2000 Server Resource Kit. The sc.exe utility is included automatically for
versions of Windows XP and above. If you do not have sc.exe, this step can be excluded.

Close all programs:
1.

Close all open browsers, explorers and command prompts that are running Reporter
or pointing to a Reporter directory.

2.

Access the Windows Task Manager and verify that all bcReporterCL.exe processes
have stopped running; if any processes remain, end them.

Rename the existing Blue Coat Reporter installation directory:
Reporter 8.1.1 is installed in a generically named directory that is no longer identified by
version number. Rename the Blue Coat Reporter 7 directory to Blue Coat Reporter. For
example (from a command prompt):
ren "C:\Program Files\Blue Coat Reporter 7" "Blue Coat Reporter"

The above command fails if you have any Explorer or command prompt residing in
(pointing to) the C:\Program Files\Blue Coat Reporter 7 directory. This is a common cause of
failure.
Rename the existing Start Menu shortcut:
1.

Select Start > All Programs.

2.

Right-click Blue Coat Reporter 7 and select rename.

3.

In the dialog, rename to Blue Coat Reporter and click OK.

Save existing preferences/delete profiles and databases:
1.

In Windows Explorer, navigate to the newly named Reporter directory. For example:
C:\Program Files\Blue Coat Reporter; delete the profiles and databases.

2.

In the Blue Coat Reporter folder, create a new folder named SavedFiles.

3.

Copy the existing C:\Program Files\LogAnalysisInfo\preferences.cfg file to the
newlycreated SavedFiles folder.

Alternately, you can enter the following commands at command prompt:

233

Blue Coat Reporter Configuration and Management Guide

cd /d "C:\Program Files\Blue Coat Reporter"
md SavedFiles
copy /y LogAnalysisInfo\preferences.cfg SavedFiles

Install Reporter 8.2.x:
Install Reporter as described in Chapter 2: “Installation” on page 11. If you created a
folder (and Start Menu shortcut) that differs from the default (C:\Program Files\Blue Coat
Reporter), install Reporter in the same folder that you created in this procedure.
Copy back preferences:
After completing the installation, copy the C:\Program Files\Blue Coat
Reporter\SavedFiles\preferences.cfg file back into the C:\Program Files\Blue Coat
Reporter\LogAnalysisInfo folder.
The upgrade procedure is complete. When you launch Reporter 8.2.x, all of your existing
profiles, schedules, databases, and users are retained.

234

Appendix F: Copyrights

Third Party Copyright Notices
Blue Coat Systems, Inc. utilizes third party software from various sources. Portions of this software are copyrighted by their
respective owners as indicated in the copyright notices below.
The following lists the copyright notices for:
BPF
Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that: (1) source
code distributions retain the above copyright notice and this paragraph in its entirety, (2) distributions including binary code
include the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with
the distribution, and (3) all advertising materials mentioning features or use of this software display the following
acknowledgement:
This product includes software developed by the University of California, Lawrence Berkeley Laboratory and its
contributors.
Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived
from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
DES
Software DES functions written 12 Dec 1986 by Phil Karn, KA9Q; large sections adapted from the 1977 public-domain
program by Jim Gillogly.
EXPAT
Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Finjan Software
Copyright (c) 2003 Finjan Software, Inc. All rights reserved.
Flowerfire
Copyright (c) 1996-2002 Greg Ferrar
ISODE
ISODE 8.0 NOTICE
Acquisition, use, and distribution of this module and related materials are subject to the restrictions of a license agreement.
Consult the Preface in the User's Manual for the full terms of this agreement.
4BSD/ISODE SMP NOTICE
Acquisition, use, and distribution of this module and related materials are subject to the restrictions given in the file SMPREAD-ME.
UNIX is a registered trademark in the US and other countries, licensed exclusively through X/Open Company Ltd.
MD5
RSA Data Security, Inc. MD5 Message-Digest Algorithm
Copyright (c) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 MessageDigest Algorithm" in all material mentioning or referencing this software or this function.
License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA
Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of
this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind.
THE BEER-WARE LICENSE" (Revision 42):
> wrote this file. As long as you retain this notice you can do whatever you
want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. PoulHenning Kamp

235

Blue Coat Reporter Configuration and Management Guide

Microsoft Windows Media Streaming
Copyright (c) 2003 Microsoft Corporation. All rights reserved.
Novell and eDirectory are [either] registered trademarks [or] trademarks of Novell, Inc. in the United States and other countries.
LDAPSDK.DLL Copyright (c) 2006 Novell, Inc. All rights reserved.
LDAPSSL.DLL Copyright (c) 2006 Novell, Inc. All rights reserved.
LDAPX.DLL Copyright (c) 2006 Novell, Inc. All rights reserved.
The following are copyrights and licenses included as part of Novell's LDAP Libraries for C:
HSpencer
Copyright 1992, 1993, 1994 Henry Spencer. All rights reserved.
This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University
of California.
Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it,
subject
to the following restrictions:
1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in
it.
2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read
sources, credits must appear in the documentation.
3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few
users ever read sources, credits must appear in the documentation.
4. This notice may not be removed or altered.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Copyright (c) 1994
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
This product includes software developed by the University of California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
@(#)COPYRIGHT
(Berkeley) 3/16/94

8.1

OpenLDAP
Copyright 1998,1999 The OpenLDAP Foundation, Redwood City, California, USA
All rights reserved.
Redistribution and use in source and binary forms are permitted only as authorized by the OpenLDAP Public License. A copy of
this license is available at http://www.OpenLDAP.org/license.html or in file LICENSE in the top-level directory of the
distribution.
Individual files and/or contributed packages may be copyright by other parties and use subject to additional restrictions.
This work is derived from the University of Michigan LDAP v3.3 distribution. Information concerning is available at
http://www.umich.edu/~dirsvcs/ldap/ldap.html.
This work also contains materials derived from public sources.
Additional Information about OpenLDAP can be obtained at:
http://www.openldap.org/
or by sending e-mail to:
info@OpenLDAP.org
Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
All rights reserved.
Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is
given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products
derived from this software without specific prior written permission. This software is provided ``as is'' without express or
implied warranty.
The OpenLDAP Public License

236

Appendix F: Copyrights

Version 2.0.1, 21 December 1999
Copyright 1999, The OpenLDAP Foundation, Redwood City, California, USA.
All Rights Reserved.
Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain copyright statements and notices. Redistributions must also contain a copy of this
document.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. The name "OpenLDAP" must not be used to endorse or promote products derived from this Software without prior written
permission of the OpenLDAP Foundation. For written permission, please contact foundation@openldap.org.
4. Products derived from this Software may not be called "OpenLDAP" nor may "OpenLDAP" appear in their names without
prior written permission of the OpenLDAP Foundation. OpenLDAP is a trademark of the OpenLDAP Foundation.
5. Due credit should be given to the OpenLDAP Project
(http://www.openldap.org/.
THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
OPENLDAP FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license
apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of
any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License
--------------====================================================================
Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this
software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior
written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
====================================================================
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software
written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
----------------------Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to
conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following
conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL
documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson
(tjh@cryptsoft.com).

237

Blue Coat Reporter Configuration and Management Guide

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a
product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual
message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
“This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include
an acknowledgement:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code
cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]
[end of copyrights and licenses for Novell's LDAP Libraries for C]
OpenLDAP
Copyright (c) 1999-2001 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy
and distribute verbatim copies of this document is granted.
http://www.openldap.org/software/release/license.html
The OpenLDAP Public License Version 2.7, 7 September 2001
Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain copyright statements and notices,
2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the
following disclaimer in the documentation and/or other materials provided with the distribution, and
3. Redistributions must contain a verbatim copy of this document.
The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You
may use this Software under terms of this license revision or under the terms of any subsequent revision of the license.
THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other
dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain
with copyright holders.
OpenLDAP is a registered trademark of the OpenLDAP Foundation.
OpenSSH
Copyright (c) 1995 Tatu Ylonen , Espoo, Finland. All rights reserved
This file is part of the OpenSSH software.
The licences which components of this software fall under are as follows. First, we will summarize and say that all components
are under a BSD licence, or a licence more free than that.
OpenSSH contains no GPL code.
1) As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of
this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC
file, it must be called by a name other than "ssh" or "Secure Shell".
[Tatu continues]
However, I am not implying to give any licenses to any patents or copyrights held by third parties, and the software includes
parts that are not under my direct control. As far as I know, all included source code is used in accordance with the relevant
license agreements and can be used freely for any purpose (the GNU license being the most restrictive); see below for details.
[However, none of that term is relevant at this point in time. All of these restrictively licenced software components which he
talks about have been removed from OpenSSH, i.e.,

238

Appendix F: Copyrights

- RSA is no longer included, found in the OpenSSL library
- IDEA is no longer included, its use is deprecated
- DES is now external, in the OpenSSL library
- GMP is no longer used, and instead we call BN code from OpenSSL
- Zlib is now external, in a library
- The make-ssh-known-hosts script is no longer included
- TSS has been removed
- MD5 is now external, in the OpenSSL library
- RC4 support has been replaced with ARC4 support from OpenSSL
- Blowfish is now external, in the OpenSSL library
[The licence continues]
Note that any information and cryptographic algorithms used in this software are publicly available on the Internet and at any
major bookstore, scientific library, and patent office worldwide. More information can be found e.g. at "http://www.cs.hut.fi/
crypto".
The legal status of this program is some combination of all these permissions and restrictions. Use only at your own
responsibility. You will be responsible for any legal consequences yourself; I am not making any claims whether possessing or
using this is legal or not in your country, and I am not taking any responsibility on your behalf.
NO
WARRANTY
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE
EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM
(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED
BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
2) The 32-bit CRC compensation attack detector in deattack.c was contributed by CORE SDI S.A. under a BSD-style license.
Cryptographic attack detector for ssh - source code
Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. All rights reserved. Redistribution and use in source and binary
forms, with or without modification, are permitted provided that this copyright notice is retained. THIS SOFTWARE IS
PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI
S.A. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES
RESULTING FROM THE USE OR MISUSE OF THIS SOFTWARE.
Ariel Futoransky
3) ssh-keygen was contributed by David Mazieres under a BSD-style license.
Copyright 1995, 1996 by David Mazieres . Modification and redistribution in source and binary forms is
permitted provided that due credit is given to the author and the OpenBSD project by leaving this copyright notice intact.
4) The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain and distributed
with the following license:
@version 3.0 (December 2000)
Optimised ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen
@author Antoon Bosselaers
@author Paulo Barreto
This code is hereby placed in the public domain.
THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5) One component of the ssh source code is under a 3-clause BSD license, held by the University of California, since we pulled
these parts from original Berkeley code.
Copyright (c) 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:

239

Blue Coat Reporter Configuration and Management Guide

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
6) Remaining components of the software are provided under a standard 2-term BSD licence with the following names as
copyright holders:
Markus
Friedl
Theo de
Raadt
Niels
Provos
Dug Song
Aaron
Campbell
Damien
Miller
Kevin
Steves
Daniel
Kouril
Wesley
Griffin
Per
Allansson
Nils
Nordman
Simon
Wilkinson
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
OpenSSL
Copyright (c) 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
http://www.openssl.org/about/
http://www.openssl.org/about/
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson
.
The OpenSSL toolkit is licensed under a Apache-style license which basically means that you are free to get and use it for
commercial and non-commercial purposes.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to
conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following
conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL
documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson
(tjh@cryptsoft.com).

240

Appendix F: Copyrights

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in
a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a
textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This
product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if
the routines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include
an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code
cannot simply be copied and put under another distribution license [including the GNU Public License.]
Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this
software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior
written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software
developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software
written by Tim Hudson (tjh@cryptsoft.com).
PCRE
Copyright (c) 1997-2001 University of Cambridge
University of Cambridge Computing Service, Cambridge, England. Phone: +44 1223 334714.
Written by: Philip Hazel
Permission is granted to anyone to use this software for any purpose on any computer system, and to redistribute it freely,
subject to the following restrictions:
1. This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
2. Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel,
and copyright by the University of Cambridge, England.
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
PHAOS SSLava and SSLavaThin
Copyright (c) 1996-2003 Phaos Technology Corporation. All Rights Reserved.
The software contains commercially valuable proprietary products of Phaos which have been secretly developed by Phaos, the
design and development of which have involved expenditure of substantial amounts of money and the use of skilled
development experts over substantial periods of time. The software and any portions or copies thereof shall at all times remain
the property of Phaos.
PHAOS MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE SOFTWARE, OR ITS
USE AND OPERATION ALONE OR IN COMBINATION WITH ANY OTHER SOFTWARE.
PHAOS SHALL NOT BE LIABLE TO THE OTHER OR ANY OTHER PERSON CLAIMING DAMAGES AS A RESULT OF THE
USE OF ANY PRODUCT OR SOFTWARE FOR ANY DAMAGES WHATSOEVER. IN NO EVENT WILL PHAOS BE LIABLE

241

Blue Coat Reporter Configuration and Management Guide

FOR SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBLITY OF SUCH
DAMAGES.
RealSystem
The RealNetworks® RealProxy™ Server is included under license from RealNetworks, Inc. Copyright 1996-1999, RealNetworks,
Inc. All rights reserved.
SNMP
Copyright (C) 1992-2001 by SNMP Research, Incorporated.
This software is furnished under a license and may be used and copied only in accordance with the terms of such license and
with the inclusion of the above copyright notice. This software or any other copies thereof may not be provided or otherwise
made available to any other person. No title to and ownership of the software is hereby transferred. The information in this
software is subject to change without notice and should not be construed as a commitment by SNMP Research, Incorporated.
Restricted Rights Legend:
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause at DFARS 252.227-7013; subparagraphs (c)(4) and (d) of the Commercial
Computer Software-Restricted Rights Clause, FAR 52.227-19; and in similar clauses in the NASA FAR Supplement and other
corresponding governmental regulations.
PROPRIETARY NOTICE
This software is an unpublished work subject to a confidentiality agreement and is protected by copyright and trade secret law.
Unauthorized copying, redistribution or other use of this work is prohibited. The above notice of copyright on this source code
product does not indicate any actual or intended publication of such source code.
STLport
Copyright (c) 1999, 2000 Boris Fomitchev
This material is provided "as is", with absolutely no warranty expressed or implied. Any use is at your own risk.
Permission to use or copy this software for any purpose is hereby granted without fee, provided the above notices are retained
on all copies. Permission to modify the code and to distribute modified code is granted, provided the above notices are retained,
and a notice that the code was modified is included with the above copyright notice.
The code has been modified.
Copyright (c) 1994 Hewlett-Packard Company
Copyright (c) 1996-1999 Silicon Graphics Computer Systems, Inc.
Copyright (c) 1997 Moscow Center for SPARC Technology
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Hewlett-Packard Company makes no representations about the suitability of this
software for any purpose. It is provided "as is" without express or implied warranty.
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Silicon Graphics makes no representations about the suitability of this software for
any purpose. It is provided "as is" without express or implied warranty.
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Moscow Center for SPARC Technology makes no representations about the
suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
SmartFilter
Copyright (c) 2003 Secure Computing Corporation. All rights reserved.
SurfControl
Copyright (c) 2003 SurfControl, Inc. All rights reserved.
Symantec AntiVirus Scan Engine
Copyright (c) 2003 Symantec Corporation. All rights reserved.
TCPIP
Some of the files in this project were derived from the 4.X BSD (Berkeley Software Distribution) source.
Their copyright header follows:
Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
This product includes software developed by the University of California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

242

Appendix F: Copyrights

BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Trend Micro
Copyright (c) 1989-2003 Trend Micro, Inc. All rights reserved.
zlib
Copyright (c) 2003 by the Open Source Initiative
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any
damages arising from the use of this software.
ICU License - ICU 1.8.1 and later COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1995-2003 International Business
Machines Corporation and others All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit
persons to whom the Software is furnished to do so, provided that the above copyright notice(s) and this permission notice
appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting
documentation. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS
INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL
DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH
THE USE OR PERFORMANCE OF THIS SOFTWARE. Except as contained in this notice, the name of a copyright holder shall
not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written
authorization of the copyright holder
The SG Client software is based in part on the work of the Independent JPEG Group
The SG Client software is based in part on the work of the FreeType Project (www.freetype.org)
LEGAL ISSUES
============
In plain English:
1. We don't promise that this software works. (But if you find any bugs, please let us know!)
2. You can use this software for whatever you want. You don't have to pay us.
3. You may not pretend that you wrote this software. If you use it in a program, you must acknowledge somewhere in your
documentation that
you've used the IJG code.
In legalese:
The authors make NO WARRANTY or representation, either express or implied, with respect to this software, its quality,
accuracy, merchantability, or fitness for a particular purpose. This software is provided "AS IS", and you, its user, assume the
entire risk as to its quality and accuracy.
This software is copyright (C) 1991-1998, Thomas G. Lane. All Rights Reserved except as specified below.
Permission is hereby granted to use, copy, modify, and distribute this software (or portions thereof) for any purpose, without fee,
subject to these conditions:
(1) If any part of the source code for this software is distributed, then this README file must be included, with this copyright
and no-warranty notice unaltered; and any additions, deletions, or changes to the original files must be clearly indicated in
accompanying documentation. (2) If only executable code is distributed, then the accompanying documentation must state that
"this software is based in part on the work of the Independent JPEG Group". (3) Permission for use of this software is granted
only if the user accepts full responsibility for any undesirable consequences; the authors accept NO LIABILITY for damages of
any kind.
These conditions apply to any software derived from or based on the IJG code, not just to the unmodified library. If you use our
work, you ought to acknowledge us.
Permission is NOT granted for the use of any IJG author's name or company name in advertising or publicity relating to this
software or products derived from it. This software may be referred to only as "the Independent JPEG Group's software".
We specifically permit and encourage the use of this software as the basis of commercial products, provided that all warranty or
liability claims are assumed by the product vendor.
ansi2knr.c is included in this distribution by permission of L. Peter Deutsch, sole proprietor of its copyright holder, Aladdin
Enterprises of Menlo Park, CA. ansi2knr.c is NOT covered by the above copyright and conditions, but instead by the usual
distribution terms of the Free Software Foundation; principally, that you must include source code if you redistribute it. (See the
file ansi2knr.c for full details.) However, since ansi2knr.c is not needed as part of any program generated from the IJG code, this
does not limit you more than the foregoing paragraphs do.
The Unix configuration script "configure" was produced with GNU Autoconf. It is copyright by the Free Software Foundation
but is freely distributable. The same holds for its supporting scripts (config.guess, config.sub, ltconfig, ltmain.sh). Another
support script, install-sh, is copyright by M.I.T. but is also freely distributable.
It appears that the arithmetic coding option of the JPEG spec is covered by patents owned by IBM, AT&T, and Mitsubishi. Hence
arithmetic coding cannot legally be used without obtaining one or more licenses. For this reason, support for arithmetic coding
has been removed from the free JPEG software. (Since arithmetic coding provides only a marginal gain over the unpatented
Huffman mode, it is unlikely that very many implementations will support it.) So far as we are aware, there are no patent
restrictions on the remaining code.
The IJG distribution formerly included code to read and write GIF files. To avoid entanglement with the Unisys LZW patent, GIF
reading support has been removed altogether, and the GIF writer has been simplified to produce "uncompressed GIFs". This
technique does not use the LZW algorithm; the resulting GIF files are larger than usual, but are readable by all standard GIF
decoders.

243

Blue Coat Reporter Configuration and Management Guide

We are required to state that "The Graphics Interchange Format(c) is the Copyright property of CompuServe Incorporated.
GIF(sm) is a Service Mark property of CompuServe Incorporated."
The FreeType Project LICENSE
2006-Jan-27
Copyright 1996-2002, 2006 by David Turner, Robert Wilhelm, and Werner Lemberg
Introduction
=========
The FreeType Project is distributed in several archive packages; some of them may contain, in addition to the FreeType font
engine, various tools and contributions which rely on, or relate to, the FreeType Project.
This license applies to all files found in such packages, and which do not fall under their own explicit license. The license
affects thus the FreeType font engine, the test programs, documentation and makefiles, at the very least.
This license was inspired by the BSD, Artistic, and IJG (Independent JPEG Group) licenses, which all encourage inclusion
and use of free software in commercial and freeware products alike. As a consequence, its main points are that:
o We don't promise that this software works. However, we will be interested in any kind of bug reports. (`as is' distribution)
o You can use this software for whatever you want, in parts or full form, without having to pay us. (`royalty-free' usage)
o You may not pretend that you wrote this software. If you use it, or only parts of it, in a program, you must acknowledge
somewhere in your documentation that you have used the FreeType code. (`credits')
We specifically permit and encourage the inclusion of this software, with or without modifications, in commercial products.
We disclaim all warranties covering The FreeType Project and assume no liability related to The FreeType Project.
Finally, many people asked us for a preferred form for a credit/disclaimer to use in compliance with this license. We thus
encourage you to use the following text:
“Portions of this software are copyright (c) 2007The FreeType Project (www.freetype.org). All rights reserved."
Legal Terms
=========
0. Definitions
Throughout this license, the terms `package', `FreeType Project', and `FreeType archive' refer to the set of files originally
distributed by the authors (David Turner, Robert Wilhelm, and Werner Lemberg) as the `FreeType Project', be they named as
alpha, beta or final release.
`You' refers to the licensee, or person using the project, where `using' is a generic term including compiling the project's source
code as well as linking it to form a `program' or `executable'. This program is referred to as `a program using the FreeType
engine'.
This license applies to all files distributed in the original FreeType Project, including all source code, binaries and
documentation, unless otherwise stated in the file in its original, unmodified form as distributed in the original archive. If
you are unsure whether or not a particular file is covered by this license, you must contact us to verify this.
The FreeType Project is copyright (C) 1996-2000 by David Turner, Robert Wilhelm, and Werner Lemberg. All rights reserved
except as specified below.
1. No Warranty
THE FREETYPE PROJECT IS PROVIDED `AS IS' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. IN NO EVENT WILL ANY OF THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY DAMAGES
CAUSED BY THE USE OR THE INABILITY TO USE, OF THE FREETYPE PROJECT.
2. Redistribution
This license grants a worldwide, royalty-free, perpetual and irrevocable right and license to use, execute, perform, compile,
display, copy, create derivative works of, distribute and sublicense the FreeType Project (in both source and object code
forms) and derivative works thereof for any purpose; and to authorize others to exercise some or all of the rights granted
herein, subject to the following conditions:
o Redistribution of source code must retain this license file (`FTL.TXT') unaltered; any additions, deletions or changes to the
original files must be clearly indicated in accompanying documentation. The copyright notices of the unaltered, original
files must be preserved in all copies of source files.
o Redistribution in binary form must provide a disclaimer that states that the software is based in part of the work of the
FreeType Team, in the distribution documentation. We also encourage you to put an URL to the FreeType web page in your
documentation, though this isn't mandatory.
These conditions apply to any software derived from or based on the FreeType Project, not just the unmodified files. If you
use our work, you must acknowledge us. However, no fee need be paid to us.
3. Advertising
Neither the FreeType authors and contributors nor you shall use the name of the other for commercial, advertising, or
promotional purposes without specific prior written permission.
We suggest, but do not require, that you use one or more of the following phrases to refer to this software in your
documentation or advertising materials: `FreeType Project', `FreeType Engine', `FreeType library', or `FreeType Distribution'.
As you have not signed this license, you are not required to accept it. However, as the FreeType Project is copyrighted
material, only this license, or another one contracted with the authors, grants you the right to use, distribute, and modify it.
Therefore, by using, distributing, or modifying the FreeType Project, you indicate that you understand and accept all the
terms of this license.
4. Contacts
There are two mailing lists related to FreeType:
o freetype@nongnu.org

244

Appendix F: Copyrights

Discusses general use and applications of FreeType, as well as future and wanted additions to the library and distribution. If
you are looking for support, start in this list if you haven't found anything to help you in the documentation.
o freetype-devel@nongnu.org
Discusses bugs, as well as engine internals, design issues, specific licenses, porting, etc.
Our home page can be found at http://www.freetype.org

245

Blue Coat Reporter Configuration and Management Guide

246

Index

A
access log
naming conventions, optimal 161
add new log soruce (v8) 110
admin users
creating 51
administrative menu 17
advanced expression filters
require semicolon 137
auto-detection of log formats caution 42

B
Blue Coat custom log format
ELFF fields explained 142
using 42

C
calculations
date offset 160
PVC 158
case sensitive field values 159
CIFS log (v8)
field names 174
CIFS logs (v8)
field names 166
CIFS reports
dashboard 71
CLI
databases, building, updating 222
configuring
controllable log readers 109
controllable log readers, configuring 109
creating a v7 data profile 38
creating roles 47
cross referencing and simultaneous filters 231

D
dashboard
adding additional log files 71
adding reports 66
CIFS reports 71
editing reports 68
log reader 62

speedometers 63
stream reader 66
viewing full reports 69
data profile
creating v8 26
default 22
definition 22
v8, about 22
v8, content filtering reporting 24
v8, optimal Blue Coat SG log formats 23
database
editing options 139
editing tuning 141
tuning options 184
database (v8)
unloading, reloading 36
databases
building faster 183
building, updating from the command line 222
less memory, using 183
date offset
editing option 132
Date offset calculations, about 160
disk
usage 182
DNS
editing profile lookup 142
document conventions 10

E
Easy E-mail 106
Easy Schedule 105
editing a log source (v8) 111
editing v8 profiles 108
ELFF fields
in Blue Coat custom log format 142

F
field value normalization 159
filters
difference between log and report filters 19
filters icon
using 89

247

Blue Coat Reporter Configuration and Management Guide

graph display, configuring 119, 147

creating 50
normalization, field value 159

H

P

hits
versus page views 43

page view combiner, about 158
page views
versus hits 43
password
what to do if you forget it 14
profile
CLI, creating through 201
edit (v7) 129
edit (v8) 108
log filters (v7) 133
log processing (v7) 131
log source (v7) 130
log source, selecting 26
options overriding from command line 222
server preferences 53
profile editor
using 129
PVC, about 158

G

L
license
Standard versus Enterprise 18
Linux
Web server, installing 13
log filters
adding and editing 134
overview 19, 133
versus report filters 19
log format
auto-detection warning 42
using Blue Coat custom 42
log processing
browse time calculations 160
concepts 161
date offset 132
editing options 131
field value normalization 159
PVC, about 158
threads 132
log source
add new (v8) 110
edit (v8) 111
editing or adding new 110, 130
selecting 26

M
main log (v8)
field matrix 169
field names 165
memory
usage 182
using less during database builds 183
menus
configuring reports menu 120, 148
multi-user environment
setting up 50

N
network shares
troubleshooting Windows service 14
non-admin users

248

R
real time reporting
interactivity notes 36
linking an SG appliance 33
multiple SG appliances 35
reloading a database (v8) 36
report
configuring 120, 148
configuring display/output 115, 144
configuring graph display 119, 147
configuring reports menu 120, 148
managing with profile configuration options 115,
144
report database generation 60
using the filters icon 89
report filters
versus log filters 19
report management
about the Scheduler 97
easy e-mail 106
easy save 93
easy schedule 105
exporting a report 94
Reporter
browser support 11
configuration files 200

Index

cross referencing and simultaneous filters 231
databases
building faster 183
hardware requirements 11
launching 14
memory, disk, time usage 182
software requirements 11
Standard versus Enterprise 18
troubleshooting suggestions 14
using, examples 194
reports
date range 87
expression filter 88
roles
assigning users 50
creating 47

S
Scheduler
about 97
semicolon
required with advanced expression filters 137
server
profile preferences 53
speedometer
CIFS 72
speedometers
main 63
Standard versus Enterprise license 18

T
time
usage 182
tracking
date/time 44
hosts 44
troubleshooting
Windows network shares 14

U

user accounts
creating 50
creating admins 51
creating non-admins 50
tips on creating 51
username
what to do if you forget it 14

V
v7 data profile
about 25
creating 38
v7 reports
calender element 86
overview page 83
v8 data profile
about 22
content filtering reporting 24
creating 26
optimal Blue Coat SG log formats 23
v8 reports
adding log files 71
dashboard, editing 68
dashboard, main
dashboard
main logs 61
dashboard, viewing full 69
log reader 62
report filter, applying 73
stream reader 66
viewing 78

W
Web server
Linux, installing 13
troubleshooting 14
Windows, installing 12
Windows
Web server, installing 12

unloading a database (v8( 36

249

Document Path: ["121-blue-coat-instruction-management-guide.pdf"]

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh