How does Security Reporting Center handle log files from load-balanced firewalls or proxy servers?


This article applies to:

  • Security Reporting Center 2.0
  • Security Reporting Center 2.1

Question:

How does Security Reporting Center handle log files from load-balanced firewalls or proxy servers?

Information:

Case 1: Activity Logs are Combined in One Store

In some firewall clusters, the firewalls use the same log resource. All log records from the different servers are stored in the same log file. Proxy servers rarely use the same log resource, though the same guidelines apply if they are configured in this way.

Security Reporting Center will need a firewall or proxy server license for each of the servers in the cluster. Since Security Reporting Center automatically manages server licenses, there is no way to choose a range of servers on which to report.

Case 2: Each Firewall Maintains its Own Activity Log

In some cases, each firewall or proxy server in the cluster maintains its own log data separate from the other firewalls. Security Reporting Center can be configured to read and combine data from multiple logs as long as they are from the same type of server. Use wildcards in the log file path field to combine multiple logs (see the online help for more information).

As in Case 1, Security Reporting Center will require another firewall or proxy server license if multiple logs from different servers need to be combined.

This article was previously published as:
NETIQKB13564

Last Modified 4/10/2006.
https://support.trustwave.com/kb/KnowledgebaseArticle10553.aspx