Cisco Web Security Appliance S190 User Guide
Cisco Advanced Web Security Reporting 6.0 Installation, Setup, and User Guide
Chapter 1 Installation and Setup
Set Up On-going Data Transfers
Note
With a multiple-appliance configuration, you must repeat these steps from the Advanced Web Security Reporting application for each appliance. However, you also can configure multiple appliances by editing the inputs.conf file.
Establish Log Transfers from A Web Security Appliance
Before You Begin
• Know the path to your log files: .
• Determine the frequency of transfers, no more than 60-minute increments.
• Open the web interface for the Web Security Appliance.
Step 1  In the Web interface for the Web Security Appliance, navigate to System Administration > Log Subscriptions.
Step 2  Click Add Log Subscription, or click the name of an existing subscription to edit it.
Step 3  Configure the subscription (this example refers specifically to access, AMP engine and traffic-monitor logs):
| Setting | Log Type | Value |
|---|---|---|
| Log Type | Access | accesslogs |
| Log Type | Traffic Monitor | trafmonlogs |
| Log Type | AMP Engine | amp_logs |
| Log Name | Any one | Name for the log directory. |
| Rollover by File Size / Maximum File Size (Depending on your AsyncOS release) | Any one | Recommend no more than 500 MB. |
| Rollover by Time (Availability of this option varies by AsyncOS release) | Any one | Recommend custom rollover interval of one hour (1h) or more frequent rollovers. For AMP logs, recommend one minute (1m). |
| Log Style | Access | Squid |
| Log Style | Traffic Monitor | N/A |
| Log Style | AMP Engine | N/A |
| Log Level | Access | N/A |
| Log Level | Traffic Monitor | N/A |
| Log Level | AMP Engine | Select Debug. Note: It is important to change Log Level to Debug for AMP reporting, or little to no information will be reported. |
| (Optional) Custom Fields | Access only | %XK (Adds a web reputation threat reason.) |