Cisco Cisco Web Security Appliance S670 User Guide
24-12
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 24 Logging
Working with Log Subscriptions
Note
When you change the log fields included in a W3C log subscription, the log subscription
automatically rolls over. This allows the latest version of the log file to include the correct new
field headers.
automatically rolls over. This allows the latest version of the log file to include the correct new
field headers.
Step 7
Enter a name for the log file in the File Name field.
Step 8
Enter the maximum file size in bytes the log file can be in the Maximum File Size field. After the number,
enter “G” to specify Gigabytes, “M” for Megabytes, or “K” for Kilobytes.
enter “G” to specify Gigabytes, “M” for Megabytes, or “K” for Kilobytes.
Step 9
Choose whether or not to compress log files after they have been rolled over using the Log Compression
field.
field.
For more information, see
.
Step 10
(Optional) Specify HTTP status codes (4xx or 5xx only) in the Log Exclusions field to exclude the
associated transactions from an access log or a W3C access log.
associated transactions from an access log or a W3C access log.
For example, you might want to filter out authentication failure requests that have codes of 407 or 401.
Step 11
Choose the amount of detail to include in the log file in the Log Level field.
The Log Level field does not appear for access and W3C access logs subscriptions
More detailed settings create larger log files and have a greater impact on system performance. More
detailed settings include all the messages contained in less detailed settings, plus additional messages.
As the level of detail increases, system performance decreases.
detailed settings include all the messages contained in less detailed settings, plus additional messages.
As the level of detail increases, system performance decreases.
describes the levels of detail you can choose in the Log Level field.
Step 12
Choose how to retrieve the log file from the appliance in the Retrieval Method field.
Table 24-3
Logging Levels
Log Level
Description
Critical
This is the least detailed setting. This level only includes errors. Using this setting will
not allow you to monitor performance and other important activities. However, the log
files will not reach their maximum size as quickly. This log level is equivalent to the
syslog level “Alert.”
not allow you to monitor performance and other important activities. However, the log
files will not reach their maximum size as quickly. This log level is equivalent to the
syslog level “Alert.”
Warning
This level includes all errors and warnings created by the system. Using this setting
will not allow you to monitor performance and other important activities. This log
level is equivalent to the syslog level “Warning.”
will not allow you to monitor performance and other important activities. This log
level is equivalent to the syslog level “Warning.”
Information
This level includes the detailed system operations. This is the default. This log level
is equivalent to the syslog level “Info.”
is equivalent to the syslog level “Info.”
Debug
This level includes data useful for debugging system problems. Use the Debug log
level when you are trying to discover the cause of an error. Use this setting
temporarily, and then return to the default level. This log level is equivalent to the
syslog level “Debug.”
level when you are trying to discover the cause of an error. Use this setting
temporarily, and then return to the default level. This log level is equivalent to the
syslog level “Debug.”
Trace
This is the most detailed setting. This level includes a complete record of system
operations and activity. The Trace log level is recommended only for developers.
Using this level causes a serious degradation of system performance and is not
recommended. This log level is equivalent to the syslog level “Debug.”
operations and activity. The Trace log level is recommended only for developers.
Using this level causes a serious degradation of system performance and is not
recommended. This log level is equivalent to the syslog level “Debug.”