Cisco Cisco Web Security Appliance S670 User Guide

Chapter 20: Logging (page 429)
• Apache
• Squid
• Squid Details
• Exclude entries based on HTTP status codes. You can configure the access log to omit
transactions that have particular HTTP status codes. For example, you might want to
filter out authentication failure requests that have codes of 407 or 401.
Log File Name and Appliance Directory Structure
The appliance creates a directory for each log subscription based on the log subscription 
name. The name of the log file in the directory is composed of the following information:
• Log file name specified in the log subscription
• Timestamp when the log file was started
• A single-character status code, either .c (signifying current) or .s (signifying saved)
The log filename is formed using the following formula:
/LogSubscriptionName/LogFilename.@timestamp.statuscode
 
Note — You should only transfer log files with the saved status.
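The following is an added example, not part of the Cisco guide: a parser for the filename formula above that a poll-based collector could use to select only saved files and skip the file still being written. The subscription names, log names and timestamp layout in the sample listing are constructed, and the timestamp is treated as an opaque token because its layout is not given here.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional

# /LogSubscriptionName/LogFilename.@timestamp.statuscode
# The log filename may itself contain dots, so the match is anchored on ".@".
_LOG_PATH = re.compile(
    r"/?(?P<subscription>[^/]+)/(?P<name>[^/]+)"
    r"\.@(?P<timestamp>[^./]+)\.(?P<status>[cs])"
)


class LogFile(NamedTuple):
    subscription: str
    name: str
    timestamp: str  # opaque token, layout assumed unknown
    status: str     # "c" = current, "s" = saved


def parse_log_path(path: str) -> Optional[LogFile]:
    """Split a log path into its parts, or return None if it does not fit."""
    m = _LOG_PATH.fullmatch(path)
    return LogFile(**m.groupdict()) if m else None


def safe_to_transfer(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Return saved (.s) files grouped by subscription.

    Current (.c) files and names that do not fit the formula are skipped.
    """
    selected: Dict[str, List[str]] = {}
    for path in paths:
        log = parse_log_path(path)
        if log is None or log.status != "s":
            continue
        selected.setdefault(log.subscription, []).append(path)
    return selected


# Constructed sample directory listing (not real appliance output).
SAMPLE = [
    "/accesslogs/aclog.@20240101T000000.s",
    "/accesslogs/aclog.@20240102T000000.c",     # still being written
    "/accesslogs/aclog.v2.@20240103T000000.s",  # dots inside the log name
    "/accesslogs/notes.txt",                    # does not fit the formula
    "/proxylogs/proxyerrlog.@20240101T000000.s",
]

if __name__ == "__main__":
    for subscription, files in safe_to_transfer(SAMPLE).items():
        print(subscription, files)
```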
Rolling Over Log Subscriptions
AsyncOS rolls over log subscriptions based on settings you make in each log subscription. 
Rolling over a log subscription is an AsyncOS process that accomplishes the following tasks:
• Creates a new log file with the timestamp of the rollover and designates the file as current 
with the letter “c” extension.
• Renames the current log file to have a letter “s” extension signifying saved.
• Transfers the newly saved log file to a remote host when the log retrieval method is
push-based. For a list of the log retrieval methods, see Table 20-4 on page 433.
• Transfers any previously unsuccessful log files from the same subscription when the log 
retrieval method is push-based.
• Deletes the oldest file in the log subscription if the total number of files to keep on hand 
has been exceeded when the log retrieval method is poll-based.
AsyncOS rolls over log subscriptions in the following ways:
• Manually. The appliance administrator can manually roll over log subscriptions on 
demand from either the web interface or the CLI. Use the Rollover Now button on the 
System Administration > Log Subscriptions page, or the rollovernow CLI command. The
rollovernow command allows you to roll over all log files at once or select a specific
log file from a list.