Cisco Cisco Web Security Appliance S360 Fehlerbehebungsanleitung

Contributed by Madhura Kumar and Jeff Richmond, Cisco TAC
Engineers.

Jun 24, 2014

Introduction
How can I view the logs on the Cisco WSA?
     CLI
     GUI

This document describes how to view the logs on the Cisco Web Security Appliance (WSA) from the CLI
using the grep command.

In order to view the logs from the CLI, connect to the WSA using Secure Shell (SSH). You can use a
SSH client like puTTy to do this.

1. 

After logging in to the CLI, enter the grep command. This will bring up a list of the logs on the WSA.

2. 

Type the number of the log subscription to run the grep on and press enter.

3. 

Type the regular expression to grep for, or leave this empty to search for everything, and press enter.

4. 

Type Y or N for the remaining prompts to modify how the grep is run.

5. 

Here is an example of how to run a grep to find a particular domain in the accesslogs:

wsa.hostname> grep

Currently configured logs:

1. "accesslogs" Type: "Access Logs" Retrieval: FTP Poll

2. "amp_logs" Type: "AMP Engine Logs" Retrieval: FTP Poll

3. "authlogs" Type: "Authentication Framework Logs" Retrieval: FTP Poll

4. "avc_logs" Type: "AVC Engine Logs" Retrieval: FTP Poll

5. "bypasslogs" Type: "Proxy Bypass Logs" Retrieval: FTP Poll

...

42. "webcat_logs" Type: "Web Categorization Logs" Retrieval: FTP Poll

43. "webrootlogs" Type: "Webroot Logs" Retrieval: FTP Poll

44. "welcomeack_logs" Type: "Welcome Page Acknowledgement Logs" Retrieval:

 FTP Poll

Enter the number of the log you wish to grep.

[]> 1

Enter the regular expression to grep.

[]> domain.com

Do you want this search to be case insensitive? [Y]>

Do you want to search for non−matching lines? [N]>