Cisco Web Security Appliance S360 Troubleshooting Guide

Using GREP to filter the access logs
Document ID: 117938
Contributed by Denis Jacobi and Siddharth Rajpathak, Cisco TAC Engineers.
Jul 15, 2014
Question:
Environment: Cisco Web Security Appliance (WSA), all versions of AsyncOS
How can I search the access logs on the S-series appliance?
From the command line interface of the Cisco Web Security Appliance, you can use the grep command to
filter the access logs and determine what is being blocked. The following example shows everything that is
being blocked:
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
TestS650.wsa.com ()> grep
Currently configured logs:
1. "accesslogs" Type: "Access Logs" Retrieval: FTP Poll
<...>
18. "welcomeack_logs" Type: "Welcome Page Acknowledgement Logs"
Retrieval: FTP Poll
Enter the number of the log you wish to grep.
[]> 1
Enter the regular expression to grep.
[]> BLOCK_
Do you want this search to be case insensitive? [Y]> n
Do you want to tail the logs? [N]> n
Do you want to paginate the output? [N]> n
(entries will be displayed)
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
For the regular expression question, you can enter "BLOCK_" (without the quotes) to show every request that
the WSA has blocked. (Warning: this list can be very long.)
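Because the BLOCK_ listing can be very long, a per-tag count is often easier to review once the access log has been retrieved from the appliance. The following is an added example, not part of the Cisco document: it runs in an ordinary POSIX shell rather than the appliance CLI, and the sample log lines, their field layout, and the function names `make_sample` and `summarize_blocks` are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize BLOCK_ entries from a retrieved access log.
# Assumption: a blocked request carries a decision tag that starts with
# BLOCK_ (the same pattern entered at the grep prompt above).
LC_ALL=C
export LC_ALL

# Constructed sample lines (not real appliance output). The layout is an
# assumption; only the BLOCK_ tag is used by the summary.
make_sample() {
    cat <<'EOF'
1405400001.101 12 10.0.0.5 TCP_DENIED/403 0 GET http://ads.example.test/banner - NONE/- - BLOCK_WEBCAT_11-DefaultGroup-NONE <->
1405400002.202 48 10.0.0.6 TCP_MISS/200 5120 GET http://www.example.test/js/block_list.js - DIRECT/www.example.test text/javascript DEFAULT_CASE_11-DefaultGroup-NONE <->
1405400003.303 9 10.0.0.7 TCP_DENIED/403 0 GET http://bad.example.test/ - NONE/- - BLOCK_WBRS_11-DefaultGroup-NONE <->
1405400004.404 11 10.0.0.5 TCP_DENIED/403 0 GET http://ads.example.test/pixel - NONE/- - BLOCK_WEBCAT_11-DefaultGroup-NONE <->
1405400005.505 30 10.0.0.8 TCP_MISS/200 2048 GET http://www.example.test/ - DIRECT/www.example.test text/html DEFAULT_CASE_11-DefaultGroup-NONE <->
EOF
}

# summarize_blocks: read log lines on stdin and print "COUNT TAG", most
# frequent first. Matching is case sensitive, as in the session above, so
# the lowercase "block_list.js" URL in the sample is not counted.
summarize_blocks() {
    awk '
        match($0, /BLOCK_[A-Z_]+/) {
            tag = substr($0, RSTART, RLENGTH)
            sub(/_$/, "", tag)      # drop the "_" left before the numeric suffix
            count[tag]++            # one count per line, first tag only
        }
        END { for (t in count) print count[t], t }
    ' | sort -k1,1nr -k2,2
}

# Run against the constructed sample; replace with: summarize_blocks < FILE
make_sample | summarize_blocks
```

Counting one tag per line keeps the totals equal to the number of blocked requests rather than the number of pattern matches.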