Cisco Cisco Content Security Management Appliance M390 User Guide
15-5
AsyncOS 9.0 for Cisco Content Security Management Appliances User Guide
Chapter 15 Logging
Log Types
AsyncOS generates the following log types:
Table 15-3
Log Types
Log Type
Description
Authentication Logs
The authentication log records successful logins and unsuccessful login attempts,
for locally and externally authenticated users, for both GUI and CLI access to the
Security Management appliance.
for locally and externally authenticated users, for both GUI and CLI access to the
Security Management appliance.
In Debug and more verbose modes, if external authentication is turned on, all
LDAP queries appear in these logs.
LDAP queries appear in these logs.
Backup Logs
Backup logs record the backup process from start to finish.
Information about backup scheduling is in the SMA logs.
CLI Audit Logs
The CLI audit logs record all CLI activity on the system.
Configuration History
Logs
Logs
Configuration history logs record the following information: What changes were
made on the Security Management appliance, and when were the changes made?
A new configuration history log is created each time a user commits a change.
made on the Security Management appliance, and when were the changes made?
A new configuration history log is created each time a user commits a change.
FTP Server Logs
FTP logs record information about the FTP services enabled on the interface.
Connection details and user activity are recorded.
Connection details and user activity are recorded.
GUI logs
GUI logs include a history of page refreshes in the web interface, session data,
and the pages a user accesses. You can use the gui_log to track user activity or
investigate errors that users see in the GUI. The error traceback will normally be
in this log.
and the pages a user accesses. You can use the gui_log to track user activity or
investigate errors that users see in the GUI. The error traceback will normally be
in this log.
GUI logs also include information about SMTP transactions, for example
information about scheduled reports emailed from the appliance.
information about scheduled reports emailed from the appliance.
HTTP Logs
HTTP logs record information about the HTTP and secure HTTP services
enabled on the interface. Because the graphical user interface (GUI) is accessed
through HTTP, the HTTP logs are essentially the GUI equivalent of the CLI audit
logs. Session data (for example, new sessions and expired sessions) are recorded,
as well as the pages accessed in the GUI.
enabled on the interface. Because the graphical user interface (GUI) is accessed
through HTTP, the HTTP logs are essentially the GUI equivalent of the CLI audit
logs. Session data (for example, new sessions and expired sessions) are recorded,
as well as the pages accessed in the GUI.
Haystack logs
Haystack logs record web transaction tracking data processing.
Text Mail Logs
Text mail logs record information about the operations of the email system (for
example, message receiving, message delivery attempts, opening and closing
connections, bouncing messages, and so forth).
example, message receiving, message delivery attempts, opening and closing
connections, bouncing messages, and so forth).
For important information about when attachment names are included in mail
logs, see
logs, see
.
LDAP Debug Logs
Use these logs to debug problems when you are configuring LDAP in System
Administration > LDAP.
Administration > LDAP.
For example, these logs record the results of clicking the Test Server and Test
Queries buttons.
Queries buttons.
For information about failed LDAP authentications, see the Authentication logs.
NTP Logs
NTP logs record the conversation between the appliance and any configured
Network Time Protocol (NTP) servers. For information about configuring NTP
servers, see
Network Time Protocol (NTP) servers. For information about configuring NTP
servers, see
.
Reporting Logs
Reporting logs record actions associated with the processes of the centralized
reporting service.
reporting service.