Cisco Web Security Appliance S690 User Guide
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 11 Monitor System Activity Through Logs
Customizing Access Logs
Configuring CTA-specific Custom W3C Logs
You can configure the WSA to “push” Cognitive Threat Analytics (CTA)-specific custom W3C access
logs to Cisco’s Cloud Web Security service for analysis and reporting. Cisco ScanCenter is the
administration portal into Cloud Web Security (CWS).
Before You Begin
• Create a device account in Cisco ScanCenter for your WSA, selecting SCP as the automatic upload
protocol (see the “Proxy Device Uploads” section of the Cisco ScanCenter Administrator Guide for
more information). Note the SCP (Secure Copy Protocol) host name and the generated user name
for your WSA (case sensitive, different for each device).
Step 1
Follow the instructions in
to add a new W3C access
log subscription, choosing W3C Logs as the Log Type.
Step 2
Provide a descriptive Log Name.
Step 3
Delete any entries in the Selected Log Fields list (select all and click Remove).
Step 4
Add the following fields to the Selected Log Fields list:
a. Copy and paste the following into the Custom Fields box and then click Add.
timestamp
x-elapsed-time
c-ip
cs-username
c-port
s-ip
s-port
cs-url
cs-bytes
sc-bytes
cs(User-Agent)
cs-mime-type
cs-method
sc-http-status
cs(Referer)
sc(Location)
x-amp-sha
x-amp-verdict
x-amp-malware-name
x-amp-score
Step 5
Provide a Rollover by File Size; in this case, 500M is recommended.
Step 6
Choose a Rollover by Time option.
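The following check is an added example, not part of the Cisco guide: it compares the fields declared in a W3C log file against the Step 4 list, so a subscription with missing or leftover fields is caught before logs are uploaded. It assumes the log file starts with W3C extended log format directives that include a space-separated "#Fields:" line; the sample headers and the field name x-constructed-extra are constructed for illustration.

```python
# Added example: verify a W3C access log header against the CTA field list.
REQUIRED_FIELDS = [
    "timestamp", "x-elapsed-time", "c-ip", "cs-username", "c-port",
    "s-ip", "s-port", "cs-url", "cs-bytes", "sc-bytes", "cs(User-Agent)",
    "cs-mime-type", "cs-method", "sc-http-status", "cs(Referer)",
    "sc(Location)", "x-amp-sha", "x-amp-verdict", "x-amp-malware-name",
    "x-amp-score",
]

# Constructed sample headers (assumed layout: '#' directives, then records).
SAMPLE_GOOD = "#Version: 1.0\n#Fields: " + " ".join(REQUIRED_FIELDS) + "\n"
SAMPLE_BAD = "#Version: 1.0\n#Fields: timestamp c-ip cs-url x-constructed-extra\n"


def parse_fields_directive(log_text):
    """Return the field names from the first '#Fields:' directive, or None."""
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("#fields:"):
            return stripped.split(":", 1)[1].split()
        if stripped and not stripped.startswith("#"):
            break  # directives precede data; stop at the first record
    return None


def check_cta_fields(log_text):
    """Compare a log's declared fields with the list from Step 4."""
    found = parse_fields_directive(log_text)
    if found is None:
        return {"ok": False, "missing": list(REQUIRED_FIELDS),
                "unexpected": [], "duplicates": [], "same_order": False}
    missing = [f for f in REQUIRED_FIELDS if f not in found]
    unexpected = [f for f in found if f not in REQUIRED_FIELDS]
    duplicates = sorted({f for f in found if found.count(f) > 1})
    return {
        "ok": not (missing or unexpected or duplicates),
        "missing": missing,          # Step 4 fields absent from the log
        "unexpected": unexpected,    # fields Step 3 should have removed
        "duplicates": duplicates,    # fields added more than once
        "same_order": found == REQUIRED_FIELDS,  # informational only
    }


if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, check_cta_fields(sample))
```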