Cisco Cisco Web Security Appliance S670 User Guide
36
S A W M I L L F O R I R O N P O R T 7 . 3 . 3 U S E R G U I D E
• Log Filters. Log Filters perform translations, conversions, or selective inclusion (“filter
out”) operations. For instance, a log filter could be used to reject (exclude) all log entries
from a particular IP, or all log entries during a particular time. Log Filters could also be
used to convert user names to full names, or to simplify a field, such as truncating the end
of a URL, which is sometimes necessary to analyze a large proxy dataset efficiently.
from a particular IP, or all log entries during a particular time. Log Filters could also be
used to convert user names to full names, or to simplify a field, such as truncating the end
of a URL, which is sometimes necessary to analyze a large proxy dataset efficiently.
Log Filters are written in The Configuration Language, which provides full programming
language flexibility, including the use of if/then/else clauses, and/or/not expressions,
loops, and more. For more information, see the Sawmill documentation.
language flexibility, including the use of if/then/else clauses, and/or/not expressions,
loops, and more. For more information, see the Sawmill documentation.
Database
The Database section contains the following subsections:
• Database Options. This section contains the general database options, including the type
and location of the database.
• Database Tuning. This section contains options for tuning database performance.
• Database Fields. This is an information section, displaying information about the database
fields.
DNS Lookup
This section contains the DNS options used to look up IP addresses in the log data.
Manage Reports
The Manage Reports section contains the following subsections:
• General Display/Output. This section includes general report output options, including
headers and footers.
• Graph Display. This section includes general graph options, including default graph sizes.
• Reports/Reports Editor. This section includes the Reports Editor and the Reports Menu
editor, which can be used to create custom reports.
Rebuild Database Button
This button appears at the top of the profile config editor. Clicking it rebuilds the database
from scratch.
from scratch.
WARNING:
This option erases the entire contents of the current database and builds it from
the current contents of the log sources. If the database contains data that is no longer in the
log sources, that data will be permanently lost.
log sources, that data will be permanently lost.
Update Database Button
This button appears at the top of the profile config editor. Clicking it updates the database by
adding any new log data in the log source (data which is in the log source but not in the
database).
adding any new log data in the log source (data which is in the log source but not in the
database).
WSA_Sawmill.book Page 36 Tuesday, February 22, 2011 2:54 PM