Cisco Cisco Web Security Appliance S170 Betriebsanweisung
2
S A W M I L L F O R I R O N P O R T 7 . 3 . 2 U S E R G U I D E
I N T R O D U C T I O N
Welcome to Sawmill for IronPort, IronPort’s centralized reporting and tracking solution for the
IronPort Web Security appliance. You can use Sawmill for IronPort for:
IronPort Web Security appliance. You can use Sawmill for IronPort for:
• Centralized reporting
• Centralized end user tracking
• Detailed end users reporting
Sawmill for IronPort includes an IronPort log format plug-in that processes Web Security
appliance access logs to help you understand what is going on in your network. The IronPort
log format plug-in allows you to create multiple types of profiles.
appliance access logs to help you understand what is going on in your network. The IronPort
log format plug-in allows you to create multiple types of profiles.
When Sawmill for IronPort processes Web Security appliance access logs, it uses a profile you
create to perform the following steps:
create to perform the following steps:
1. Reads access logs from the location specified.
2. Parses the data according to the IronPort log format plug-in included in Sawmill for
IronPort and populates the Sawmill database with the parsed data based on the profile
type you create.
type you create.
3. Analyzes the data in the database and generates reports.
You must create at least one profile for Sawmill to read and parse log data. The profile you
create uses the IronPort log format plug-in included in Sawmill for IronPort to know how to
parse the data. The profile type you choose when you create the profile determines the data
that gets loaded into the database and the reports that are generated. For more information
about the plug-ins, see “IronPort Log Format Plug-In” on page 4.
create uses the IronPort log format plug-in included in Sawmill for IronPort to know how to
parse the data. The profile type you choose when you create the profile determines the data
that gets loaded into the database and the reports that are generated. For more information
about the plug-ins, see “IronPort Log Format Plug-In” on page 4.
First, you must choose how to deploy Sawmill for IronPort in your network. In particular, you
must choose how to transfer the access logs from the Web Security appliances to a location
where Sawmill can access them. For more information, see “Deployment Planning” on
page 9.
must choose how to transfer the access logs from the Web Security appliances to a location
where Sawmill can access them. For more information, see “Deployment Planning” on
page 9.
Note — This document is aimed at users who install, configure, and use Sawmill for IronPort.
This is not intended to be a substitution for the documentation provided by Flowerfire, makers
of the Sawmill product. For more information, consult your IronPort Systems Engineer or visit
http://www.sawmill.net.
This is not intended to be a substitution for the documentation provided by Flowerfire, makers
of the Sawmill product. For more information, consult your IronPort Systems Engineer or visit
http://www.sawmill.net.
Profiles
A Sawmill profile is a collection of options that defines a view into the data that Sawmill
collects and analyzes. The license you purchase determines how many profiles you can
create. You must create at least one profile to analyze each type of data.
collects and analyzes. The license you purchase determines how many profiles you can
create. You must create at least one profile to analyze each type of data.
You might want to create multiple profiles for any of the following reasons:
• Different departments in your organization want different customized reports created from
the same log data.
WSA_Sawmill.book Page 2 Monday, March 15, 2010 10:31 AM