Error: Log Inspection Rules Require Log Files

If a log inspection rule requires you to add the location of the files to be monitored, of if you add an unnecessary log inspection rule and the files do not exist on your machine, the following error will occur in the ComputerClosedTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). or Policy editorClosedTo open the Policy editor, go to the Policies page and double-click the policy that you want to edit (or select the policy and click Details).:

To resolve the error:

  1. Click on the Log Inspection Rules Require Log Files error. A window will open with more information about the error. Under Description, the name of the rule causing the error will be listed.
  2. In the Deep Security Manager, go to Policies > Common Objects > Rules > Log Inspection Rules and locate the rule that is causing the error.
  3. Double-click the rule. The rule's properties window will appear.
  4. Go to the Configuration tab.

If the file's location is required:

  1. Enter the location under Log Files to monitor and click Add.
  2. Click OK. Once the agent receives the policy, the error will clear.

If the files listed do not exist on the protected machine:

  1. Go to the ComputerClosedTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). or Policy editorClosedTo open the Policy editor, go to the Policies page and double-click the policy that you want to edit (or select the policy and click Details). > Log Inspection.
  2. Click Assign/Unassign.
  3. Locate the unnecessary rule and uncheck the checkbox.
  4. Click OK. Once the agent receives the policy, the error will clear.

To prevent this error, run a recommendation scan for suggested rules:

  1. On the Deep Security Manager, go to Computers.
  2. Right-click the computer you'd like to scan and click Actions > Scan for Recommendations.
  3. View the results on the General tab of the protection module in the ComputerClosedTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). or Policy editorClosedTo open the Policy editor, go to the Policies page and double-click the policy that you want to edit (or select the policy and click Details)..