Loading...

Knowledge Center


Data loss in reporting due to rsyslog rate limit feature added in Web Gateway 7.7.1.1
Technical Articles ID:   KB88905
Last Modified:  3/13/2017

Environment

McAfee Web Gateway 7.7.1.1

Problem

Web Gateway 7.7.1.1 included an rsyslogd update that introduced rate limiting for the number of log-lines accepted per given time period. This new feature was activated by default, and when the rate limit was reached, you would see log-lines dropped by rsyslogd
  • Web Protection Service [WPS] (also known as SaaS Web Protection; Control Console interface) was affected between March 3, 2017 and March 13, 2017-03-13 09:00h UTC.
    The configuration was reverted, the functionality disabled, and all nodes are now operating as expected.
     
  • Web Gateway Cloud Service [WEB-GW-CS] (Cloud ePO interface) was not affected at the time Web Protection Service was affected, and is still not affected.
     
  • Web Gateway (on-premise) [WEB-GW-7] 7.7.1.1 is affected.
    This applies to installations where you have configured access logging using syslog, which is not the default setup.

Workaround

Web Gateway (on-premise) [WEB-GW-7] 7.7.1.1 users can workaround this issue by editing the sylog configuration file:
  1. Open the Web Gateway manager, select Configuration, File Editor, and then open the sylog configuration file.
  2. Disable the functionality by setting the following entries to 0 (zero): 

    SystemLogRateLimitInterval 0
    SystemLogRateLimitBurst 0

    NOTE: 
    Add those parameters if they do not exist in the configuration file. 
     
  3. Save your changes.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.