Troubleshooting full traffic logging

Your download script attempts to connect to the cloud service to download full traffic logs at an interval that you configure. If your script is unable to make the connection, or if it is unable to retrieve the log files after connecting, the following problems may occur:

  • The cloud service stores log files for only 14 days. After that period, the files are deleted, and cannot be recovered. When this occurs, your organization is no longer able to access and analyze web activity recorded in those logs.
  • Depending on the volume of Internet activity that your organization sends through the cloud service, log files may grow quickly. If your script is unable to download log files for a day or more, the bandwidth required to download the files and the disk space required to store them may be substantial.

To address this issue:

  • Check that your scheduling service (Windows Task Scheduler, or crontab on Linux) is running. If you are using Windows Task Scheduler, check that it is using your most recent network password to run the task.
  • Your script may be prevented from accessing the cloud service due to network problems, either affecting Internet or internal network connections. Use a browser or the ping utility to verify that the machine running the script can connect to the Internet.
  • If the script is connecting to the cloud service but cannot retrieve log records, verify that there is not a problem with the cloud service. Check the administrative email address associated with your full traffic logging account.
  • Check that your cloud service password has not expired.

If you do not download traffic logs for a period of 7 days, a notification email is sent to all administrative contacts with Log Export permission enabled, and all policy administrators where full traffic logging is enabled for the policy. The email warns that logging will be disabled if you do not download logs for 14 days. Further notifications are sent after 10 and 13 days, and after 14 days you will be notified that full traffic logging has been deactivated and traffic logs are no longer being generated for your account.