Cisco Cisco Web Security Appliance S680 Guía Del Usuario
20-3
Cisco AsyncOS for Web User Guide
Chapter 20 Monitor System Activity Through Logs
Planning For Logging
Related Topics
•
.
•
•
•
Log Subscriptions
To enable logging for a log type, you have to create a subscription to that log type. Subscriptions are the
collective term for all the settings related to a logging instance. Subscription settings include:
collective term for all the settings related to a logging instance. Subscription settings include:
•
Rollover settings, which determine when log files are archived.
•
Compression settings for archived logs.
•
The level of detail written to logs
•
Custom field layouts and user-defined fields for Access and W3C compliant logs.
•
Retrieval settings for archived logs, which specifies if logs are archive onto a remote server or stored
on the appliance.
on the appliance.
You can add, edit, or delete log subscriptions and you can create multiple log subscriptions for each type
of log file.
of log file.
Default Log Subscriptions
By default, subscriptions exist on the Web Security appliance for most log types. Some log types related
to the web proxy component are not enabled, however. The main web proxy log type, called the “Default
Proxy Logs,” is enabled by default and captures basic information on all Web Proxy modules. Each Web
Proxy module also has its own log type that you must manually enable as required.
to the web proxy component are not enabled, however. The main web proxy log type, called the “Default
Proxy Logs,” is enabled by default and captures basic information on all Web Proxy modules. Each Web
Proxy module also has its own log type that you must manually enable as required.
Related Topics
•
.
Log File Names and Appliance Directory Structure
The appliance creates a directory for each log subscription based on the log subscription name. The name
of the log file in the directory is composed of the following information:
of the log file in the directory is composed of the following information:
•
Log file name specified in the log subscription
•
Timestamp when the log file was started
•
A single-character status code, either
.c
(signifying current) or
.s
(signifying saved)
The filename of logs are made using the following formula:
/LogSubscriptionName/LogFilename.@timestamp.statuscode
Note
You should only transfer log files with the saved status.