Cisco Cisco Web Security Appliance S670 User Guide
C R E A T I N G A P R O F I L E
C H A P T E R 4 : R E A D I N G A C C E S S L O G S W I T H S A W M I L L F O R I R O N P O R T
39
4. Click Next.
Sawmill reads the log files in the specified path and tries to detect the log format.
5. On the Log Format Detected screen, select the log format for the type of profile you want
to create (HR or Sec Ops).
6. Verify “Continue with the above detected log format” is selected, and click Next.
7. On the Numerical Field Options screen, verify all check boxes are selected and click
Next.
8. On the Database Options screen, choose to use the internal database created by Sawmill,
and click Next.
9. On the Profile Name screen, enter a name for this Profile, and click Finish.
10. After the Profile has been saved, click Close.
11. Return to the browser window where you are logged into Sawmill.
Pattern is a regular
expression
expression
Do not enable this option. The IronPort log format plug-in does not use
regular expressions to read the access logs.
regular expressions to read the access logs.
Field
Description
WSA_Sawmill.book Page 39 Monday, March 15, 2010 10:31 AM