Cisco Cisco Web Security Appliance S160 User Guide
21-10
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Adding and Editing Log Subscriptions
Step 4
Submit and commit your changes.
Retrieval Method:
FTP on Appliance
The FTP on Appliance method (equivalent to FTP Poll) requires a remote
FTP client accessing the appliance to retrieve log files using an admin or
operator user’s username and password.
FTP client accessing the appliance to retrieve log files using an admin or
operator user’s username and password.
When you choose this method, you must enter the maximum number of log
files to store on the appliance. When the maximum number is reached, the
system deletes the oldest file.
files to store on the appliance. When the maximum number is reached, the
system deletes the oldest file.
This is the default retrieval method.
Retrieval Method:
FTP on Remote Server
The FTP on Remote Server method (equivalent to FTP Push) periodically
pushes log files to an FTP server on a remote computer.
pushes log files to an FTP server on a remote computer.
When you choose this method, you must enter the following information:
•
FTP server hostname
•
Directory on FTP server to store the log file
•
Username and password of a user that has permission to connect to the
FTP server
FTP server
Note
AsyncOS for Web only supports passive mode for remote FTP
servers. It cannot push log files to an FTP server in active mode.
servers. It cannot push log files to an FTP server in active mode.
Retrieval Method:
SCP on Remote Server
The SCP on Remote Server method (equivalent to SCP Push) periodically
pushes log files using the secure copy protocol to a remote SCP server. This
method requires an SSH SCP server on a remote computer using the SSH2
protocol. The subscription requires a user name, SSH key, and destination
directory on the remote computer. Log files are transferred based on a
rollover schedule set by you.
pushes log files using the secure copy protocol to a remote SCP server. This
method requires an SSH SCP server on a remote computer using the SSH2
protocol. The subscription requires a user name, SSH key, and destination
directory on the remote computer. Log files are transferred based on a
rollover schedule set by you.
When you choose this method, you must enter the following information:
•
SCP server hostname
•
Directory on SCP server to store the log file
•
Username of a user that has permission to connect to the SCP server
Retrieval Method:
Syslog Push
You can only choose syslog for text-based logs.
The Syslog Push method sends log messages to a remote syslog server on
port 514. This method conforms to RFC 3164.
port 514. This method conforms to RFC 3164.
When you choose this method, you must enter the following information:
•
Syslog server hostname
•
Protocol to use for transmission, either UDP or TCP
•
Maximum message size
Valid values for UDP are 1024 to 9216.
Valid values for TCP are 1024 to 65535.
Maximum message size depends on the syslog server configuration.
•
Facility to use with the log
Option
Description