Cisco Web Security Appliance S690 User Guide

Cisco AsyncOS for Web User Guide
 
Chapter 20      Monitor System Activity Through Logs
  Planning For Logging
Log Subscriptions
To enable logging for a log type, you must create a subscription to that log type. A subscription is the collective term for all the settings related to a logging instance. Subscription settings include:
Rollover settings, which determine when log files are archived.
Compression settings for archived logs.
The level of detail written to logs.
Custom field layouts and user-defined fields for Access and W3C compliant logs.
Retrieval settings for archived logs, which specify whether logs are archived onto a remote server or stored on the appliance.
You can add, edit, or delete log subscriptions and you can create multiple log subscriptions for each type 
of log file. 
Default Log Subscriptions
By default, subscriptions exist on the Web Security appliance for most log types. Some log types related 
to the web proxy component are not enabled, however. The main web proxy log type, called the “Default 
Proxy Logs,” is enabled by default and captures basic information on all Web Proxy modules. Each Web 
Proxy module also has its own log type that you must manually enable as required.
Log File Names and Appliance Directory Structure
The appliance creates a directory for each log subscription based on the log subscription name. The name 
of the log file in the directory is composed of the following information:
Log file name specified in the log subscription
Timestamp when the log file was started
A single-character status code, either .c (signifying current) or .s (signifying saved)
Log filenames are constructed using the following format:
/LogSubscriptionName/LogFilename.@timestamp.statuscode
 
Note: You should only transfer log files with the saved status.