[. . . ] 5. 3 Sophos Reporting Interface 4 Check the requirements You should check that you have: SEC 4. 0, SEC 4. 5, or SEC 4. 7 installed. a valid, complete backup of your database and Enterprise Console installation. the necessary administrator privileges to makes changes to the Enterprise Console database during the Reporting Interface installation. . NET Framework 2. 0 or later installed and sufficient privileges to install a new service on the computer where Log Writer will be installed. 5 Check the version of Enterprise Console To check the product version of Sophos Enterprise Console: 1. [. . . ] If you want to generate a verbose log file during the installation of Log Writer use the following command: msiexec /l*v logfile. txt /i "SophosReportingLogWriter. msi" The log file will be created in the folder in which the command was executed. If you have the Show configuration file check box selected, a window appears with the default configuration file, SophosLogWriterConfig. xml, highlighted. If you want to use the default configuration that is provided with Log Writer, continue to the next step and start the Log Writer service. For information on default configuration, see Default Log Writer configuration (page 7). To edit the Log Writer configuration file, see Configure Log Writer (page 7). To start the Log Writer service: a) Open Control Panel and double-click Administrative Tools. c) Select Sophos Reporting Log Writer and click Start to start the service. Log Writer reads the configuration file when it is first started and requires a restart of the service for any configuration changes. 8. 3 Default Log Writer configuration The default configuration file contains two datafeeds. It extracts the threat event data using the ThreatEventData data source. The default log file will be in the 'Log Files' folder using the default data formatting files in the 'Configuration Files' folder located in the Log Writer installation folder. Data for the last 7 days will be extracted when the service is started with the default configuration. 9 Configure Log Writer The Configuration Files folder is located in the Log Writer's installation folder. We recommend adding only one feed at a time as this helps in troubleshooting and reduces the load on the database. The datafeed definition is as follows: Note: Each datafeed must specify a single <tick> and <logFile> element. They specify the frequency to check the database for new data and the location to save data. The <applyLogFormat> element takes a value of either true or false and specifies whether to prefix each line with the date and time the line was written to the log file. This can be useful if a third-party tool such as Splunk is used which automatically picks up the first date on each line of the log file. If it is not set then the log file date is not prefixed. 8 user guide The size of the log file is bounded by the <file_size> element and log rotation is performed using the <no_of_files> element. It specifies the number of times the log will be rotated before being deleted. The log file without suffix is the latest and the log file with highest number suffix is the oldest, the oldest file will be overwritten. Each datafeed contains one or more <call> elements which are labelled with a unique callID attribute. The Log Writer keeps track of each call made by storing a timestamp for each call in a "[CallID]. last" file. The callID must be unique. <datafeeds> <datafeed> <tick> [POLL TIME IN SECONDS] </tick> <applyLogFormat> [LOG FORMAT] </applyLogFormat> <logFile> <noOfFiles> [NUMBER OF BACKUP FILES] </noOfFiles> <fileSize> [MAX FILE SIZE KB/MB/GB] </fileSize> <outputLocataion> [LOG FILE LOCATION] </outputLocation> <outputFilename> [LOG FILE NAME] </outputFilename> </logFile> <call callID = "[UNIQUE CALL NAME]"> <dataSource> [DATA SOURCE TO USE] </dataSource> <dataConfigurationLocation>[CALL DATA CONFIGFILE LOCATION]</dataConfigurationLocation> <dataConfigurationFile>[CALL DATA CONFIG FILENAME]</dataConfigurationFile> </call> . . . If you want to edit the data sources, you can edit the <call> element. [. . . ] Open Control Panel > Add/Remove Programs. 20 user guide 2. In the Add/Remove Programs dialog box, select Sophos Reporting Log Writer and click Remove. Wait for uninstallation to complete. 16 Technical support You can find technical support for Sophos products in any of these ways: Visit the SophosTalk community at http://community. sophos. com/ and search for other users who are experiencing the same problem. Visit the Sophos support knowledgebase at http://www. sophos. com/support/. [. . . ]