Cisco Cisco Web Security Appliance S160 User Guide
W H E N R U N N I N G O N A 3 2 - B I T O P E R A T I N G S Y S T E M , S A W M I L L F O R I R O N P O R T M A Y H A V E
C H A P T E R 1 : I N T R O D U C T I O N T O S A W M I L L F O R I R O N P O R T
17
appliance access logs show “ALLOW_CUSTOMCAT-AccessPolicy1-1090519042” as part of
the ACL decision tag. In this example, “1090519042” appears as the Access Policy name
instead of “AccessPolicy1.” [Defect ID: 45336]
the ACL decision tag. In this example, “1090519042” appears as the Access Policy name
instead of “AccessPolicy1.” [Defect ID: 45336]
When Running on a 32-Bit Operating System, Sawmill for IronPort May Have Difficulty
Handling Access Logs Larger than 2G
Handling Access Logs Larger than 2G
When running on a 32-bit operating system, Sawmill for IronPort may have difficulty handling
access logs that are larger than 2G.
access logs that are larger than 2G.
Workaround: Set the maximum file size for access logs to 2G.
[Defect ID: 48407]
Typo in the Daylight Savings Time Log Filter in the Online Help
The Daylight Savings Time log filter in the Sawmill for IronPort online help incorrectly refers
to
to
v.date_time_year
as
v_date_time_year
in a couple of places. All references in the
filter should read
v.date_time_year
; otherwise, a syntax errors occurs if you attempt to use
the filter. [Defect ID: 49693]
Disabling the Rewrite URL Feature Causes Sawmill for IronPort to Stop Functioning
Properly
Properly
Disabling the Rewrite URL feature causes Sawmill for IronPort to stop functioning properly
and throws a ‘Running out of Memory’ error.
and throws a ‘Running out of Memory’ error.
Workaround: Do not disable the ReWrite URL filter in Sawmill for Ironport Plugin. The
Rewrite URL feature must remain enabled.
Rewrite URL feature must remain enabled.
[Defect ID: 54042]
The Default Pathname Suggested in the New Profile Wizard is Problematic
The default pathname suggested when selecting a Log Source in the New Profile Wizard is
logs/*.gz, logs/*, logs/access.log. The logs/* causes Sawmill for IronPort to import duplicate
entries into the database.
logs/*.gz, logs/*, logs/access.log. The logs/* causes Sawmill for IronPort to import duplicate
entries into the database.
Workaround: Replace the suggested default string with logs/.*(s|c)$ so that duplicate database
entries do not occur.
entries do not occur.
[Defect ID: 55303]
Sawmill for IronPort Incorrectly Reports CONNECT Log Entries
Page view identification logic was modified in 7.3.2. As a result, in 7.3.2, some loglines for
HTTPS CONNECT request that were not identified as page view previously, may be counted
as page view against an '(empty)' domain. Summarized Logs report will show the log lines
that are identified as page views.
HTTPS CONNECT request that were not identified as page view previously, may be counted
as page view against an '(empty)' domain. Summarized Logs report will show the log lines
that are identified as page views.
[Defect ID: 67385]
WSA_Sawmill.book Page 17 Monday, March 15, 2010 10:31 AM