Cisco Web Security Appliance S380 User Guide

Cisco AsyncOS for Web User Guide
 
Chapter 20: Monitor System Activity Through Logs
Planning For Logging
Archiving Log Files Using Rollover
AsyncOS will periodically close current log files and begin new ones as a means of managing log file 
size and storage location. This is called log file “rollover”. Based on the retrieval method defined for the 
log subscription, AsyncOS stores the older log files on the appliance for retrieval or delivers them to an 
external computer. 
AsyncOS rolls over log subscriptions in the following ways:
Manually. The appliance administrator can manually roll over log subscriptions on demand from 
either the web interface or the CLI.
Automatically. AsyncOS rolls over log subscriptions when a current log file reaches a 
user-specified limit of maximum file size or maximum time since last rollover. This is configured 
as part of the subscription settings.
Saving Disk Space By Compressing Log Files
To save disk space on the Web Security appliance, log subscriptions can compress rolled over log files 
before storing them on the disk. Only rolled over logs are compressed. The current active log file is not 
compressed.
Each log subscription has its own log compression setting, so you can choose which log subscriptions 
to compress. AsyncOS compresses log files using the gzip compression format.
Reading and Interpreting Log Files
You can read current log file activity as a means of monitoring and troubleshooting the Web Security 
appliance. This is done using the appliance interface. 
You can also read archived files for a record of past activity. This can be done using the appliance 
interface if the archived files are stored on the appliance; otherwise they must be read from their external 
storage location using an appropriate method.
Each item of information in a log file is represented by a field variable. By determining which fields 
represent which items of information, you can look up the field function and interpret the log file 
contents. For W3C compliant access logs, the file header lists field names in the order in which they 
appear in log entries. For standard Access logs, however, you must consult the documentation regarding 
this log type for information on its field order.
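
The following is an added example, not code from the Cisco guide: a reader for W3C-format access logs that takes the field order from the `#Fields:` header and accepts either a plain file or a gzip-compressed rolled-over file. The function names and the sample log are constructed for illustration; the field names come from the W3C Extended Log File Format, not from an appliance's actual subscription.

```python
import gzip
import re

GZIP_MAGIC = b"\x1f\x8b"
TOKEN = re.compile(r'"(?:[^"]|"")*"|\S+')  # a quoted string or a bare token

def load_log_text(raw: bytes) -> str:
    """Rolled-over files may be gzip-compressed; the active file is not."""
    if raw.startswith(GZIP_MAGIC):
        raw = gzip.decompress(raw)
    return raw.decode("utf-8", errors="replace")

def unquote(tok: str) -> str:
    if len(tok) >= 2 and tok[0] == tok[-1] == '"':
        return tok[1:-1].replace('""', '"')
    return tok

def parse_w3c(text: str):
    """Return (entries, rejected). Entries are dicts keyed by the names in the
    most recent #Fields header; rejected holds (line_number, line) pairs."""
    fields, entries, rejected = None, [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Header directive; a later #Fields line replaces the field order.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        tokens = [unquote(t) for t in TOKEN.findall(line)]
        # Reject on a count mismatch so values are never mapped to wrong fields.
        if fields is None or len(tokens) != len(fields):
            rejected.append((lineno, line))
            continue
        entries.append(dict(zip(fields, tokens)))
    return entries, rejected

# Constructed sample, not real appliance output.
SAMPLE = b"""#Version: 1.0
#Date: 2024-01-01 00:00:00
#Fields: date time c-ip cs-method cs-uri sc-status
2024-01-01 00:00:01 192.0.2.10 GET http://example.com/ 200
2024-01-01 00:00:02 192.0.2.11 GET "http://example.com/a b" 403
2024-01-01 00:00:03 192.0.2.12 GET
#Fields: date time c-ip sc-status
2024-01-01 00:00:04 192.0.2.13 407
"""
SAMPLE_GZ = gzip.compress(SAMPLE)  # stands in for a compressed rolled-over file
```

Truncated entries end up in the rejected list with their line numbers instead of being silently shifted into the wrong fields, which matters when the logs feed an investigation.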