Cisco Web Security Appliance S670 User Guide

IronPort AsyncOS 6.3 for Web User Guide
versions, you could group users by group object only. The user object contains all the groups 
to which a user belongs.
Enhanced: Logging
AsyncOS 6.0 for Web includes several changes and enhancements to Web Security appliance 
logging to help you troubleshoot issues more easily.
W3C Standard Extended Log File Format Access Logs
In AsyncOS for Web 6.0, the Web Security appliance supports the W3C standard extended 
log file format (ELFF) for access log information. The W3C access log subscriptions record 
Web Proxy transaction history in a format that is readable by generic analysis tools. The 
extended log file format is self-describing, so your analysis tool can read the log fields in use 
and present them in an understandable format. 
You can create multiple W3C access log subscriptions and define the data to include in each. 
You might want to create one W3C access log that includes all information your organization 
typically needs, and other, specialized W3C access logs that can be used for troubleshooting 
purposes or special analysis. For example, you might want to create a W3C access log for an 
HR manager that only needs access to certain information.
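Because each W3C access log subscription can carry a different set of fields, a tool that reads these logs should take its column names from the #Fields directive instead of hard-coding them. The following is an added example, not code from this guide or from the appliance: a minimal reader for the W3C extended log file format, run over a constructed sample. The field names in the sample are taken from the W3C format definition, not from an appliance configuration.

```python
import re
from collections import Counter

# Constructed sample in W3C extended log file format (not appliance output).
# The second #Fields directive mimics a subscription with fewer fields.
SAMPLE = '''#Version: 1.0
#Date: 2010-01-01 00:00:00
#Fields: date time c-ip cs-method cs-uri sc-status cs(User-Agent)
2010-01-01 00:00:01 192.0.2.10 GET http://example.com/ 200 "Mozilla/4.0 (compatible)"
2010-01-01 00:00:02 192.0.2.11 POST http://example.com/upload 403 "-"
#Fields: time c-ip sc-status
00:00:03 192.0.2.12 200
00:00:04 192.0.2.13
'''

# A field value is either a double-quoted string (may contain spaces) or a
# bare run of non-space characters. Escaped quotes inside strings are not handled.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_elff(text):
    """Return (records, rejects); records are dicts keyed by the field names
    from the most recent #Fields directive."""
    fields, records, rejects = None, [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith('#'):                      # directive line
            name, _, value = line[1:].partition(':')
            if name.strip().lower() == 'fields':
                fields = value.split()
            continue
        values = [bare or quoted for quoted, bare in TOKEN.findall(line)]
        # Reject rather than guess when an entry does not match the header:
        # a silently shifted column corrupts every later analysis step.
        if fields is None or len(values) != len(fields):
            rejects.append((lineno, line))
            continue
        records.append(dict(zip(fields, values)))
    return records, rejects

def count_by(records, field):
    """Tally one field, skipping records whose subscription omits it."""
    return Counter(r[field] for r in records if field in r)

if __name__ == '__main__':
    recs, bad = parse_elff(SAMPLE)
    print(count_by(recs, 'sc-status'), bad)
```

Entries that do not match the current #Fields header are returned in the reject list with their line numbers, so truncated or malformed lines can be reviewed separately.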
Enhanced HTTPS Logging
AsyncOS for Web 6.0 includes enhanced logging of HTTPS transactions for easier 
troubleshooting. To view more detailed HTTPS transaction information, increase the HTTPS 
log level to either Debug or Trace. With this feature, the HTTPS logs show the various SSL 
handshake phases, such as establishing capabilities, server authentication and key exchange, 
client key exchange, and finalizing of the SSL handshake. Additionally, session information 
such as the server certificate, client certificate, certificate chain, key size, cipher used, and 
certificate verification message is also logged.
New Log File Types
AsyncOS 6.0 for Web includes the following new types of log files:
• Data Security Logs. Records client history for upload requests that are evaluated by the 
IronPort Data Security Filters. For more information, see “Logging” on page 234.
• Data Security Module Logs. Records messages related to the IronPort Data Security 
Filters. The Data Security Module Logs are one of the Web Proxy module log types 
containing more detailed information for troubleshooting purposes.
• FTP Proxy Logs. Records error and warning messages related to the FTP Proxy. The FTP 
Proxy Logs are one of the Web Proxy module log types containing more detailed 
information for troubleshooting purposes.
• W3C Access Logs. Records Web Proxy client history in a W3C compliant format.