Cisco Web Security Appliance S690 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 24 Logging
Working with Log Subscriptions
Table 24-4 describes the different ways you can retrieve log files:

Table 24-4 Log Transfer Protocols
Retrieval Method / Description

FTP on Appliance (FTP Poll)
  This method requires a remote FTP client accessing the appliance to retrieve log files using an admin or operator user's username and password.
  When you choose this method, you must enter the maximum number of log files to store on the appliance. When the maximum number is reached, the system deletes the oldest file.
  This is the default.

FTP on Remote Server (FTP Push)
  This method periodically pushes log files to an FTP server on a remote computer.
  When you choose this method, you must enter the following information:
  • Maximum time between file transfers
  • FTP server hostname
  • Directory on FTP server to store the log file
  • Username and password of a user that has permission to connect to the FTP server
  Note: AsyncOS for Web only supports passive mode for remote FTP servers. It cannot push log files to an FTP server in active mode.

SCP on Remote Server (SCP Push)
  This method periodically pushes log files using the secure copy protocol to an SCP server on a remote computer. This method requires an SSH SCP server on a remote computer using the SSH2 protocol. The subscription requires a user name, SSH key, and destination directory on the remote computer. Log files are transferred based on a rollover schedule set by you.
  When you choose this method, you must enter the following information:
  • Maximum time between file transfers
  • Protocol to use for transmission
  • SCP server hostname
  • Directory on SCP server to store the log file
  • Username of a user that has permission to connect to the SCP server
  Choose whether or not to enable host key checking.

Syslog Push
  This method sends log messages to a remote syslog server. This method conforms to RFC 3164. The appliance uses port 514.
  When you choose this method, you must enter the following information:
  • Syslog server hostname
  • Protocol to use for transmission, either UDP or TCP
  • Facility to use with the log
  You can only choose syslog for text-based logs.
  Note: Syslog messages greater than 1024 bytes are truncated. Access logs and W3C access logs with many custom variables, especially of variable length, might exceed the 1024 byte limit.
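
A receiver-side check for the 1024-byte truncation noted above, as an added example that is not from the Cisco guide: it parses the RFC 3164 header of one already-framed message and flags messages that reached the limit. The hostname wsa01, the accesslogs tag and both sample messages are constructed, and treating a length of 1024 bytes or more as possible truncation is an assumption.

```python
import re

SYSLOG_LIMIT = 1024  # byte limit stated in the guide (assumed to count the whole message)

# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (RFC 3164 layout)
_RFC3164 = re.compile(
    rb"^<(\d{1,3})>"
    rb"([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    rb"(\S+) (.*)$",
    re.DOTALL,
)

def parse_rfc3164(datagram: bytes) -> dict:
    """Split one received syslog message into its RFC 3164 parts and flag
    messages that reached the size limit and so may have lost their tail."""
    m = _RFC3164.match(datagram)
    if m is None:
        raise ValueError("not an RFC 3164 message")
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        raise ValueError("PRI out of range")
    return {
        "facility": pri >> 3,   # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group(2).decode("ascii"),
        "hostname": m.group(3).decode("ascii", "replace"),
        "message": m.group(4).decode("utf-8", "replace"),
        "possibly_truncated": len(datagram) >= SYSLOG_LIMIT,
    }

def truncated_messages(datagrams):
    """Return the parsed messages that hit the limit (candidates for review)."""
    return [p for p in map(parse_rfc3164, datagrams) if p["possibly_truncated"]]

# Constructed sample input, not captured from a real appliance.
SHORT = (b"<134>Oct 11 22:14:15 wsa01 accesslogs: 1381529655.123 45 10.0.0.5 "
         b"TCP_MISS/200 512 GET http://example.com/")
LONG = (b"<134>Oct 11 22:14:16 wsa01 accesslogs: " + b"x" * 2000)[:SYSLOG_LIMIT]

if __name__ == "__main__":
    for p in truncated_messages([SHORT, LONG]):
        print(p["hostname"], p["timestamp"], len(p["message"]), "chars kept")
```

A flagged access-log line is missing its trailing fields, so fields parsed from it should not be trusted for detection or reporting without checking the file-based copy of the log.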