Cisco Cisco Web Security Appliance S380 Guía Del Usuario
22
S A W M I L L F O R I R O N P O R T 7 . 3 . 2 U S E R G U I D E
1. On the Sawmill Login screen, enter the user name and password you chose in step 4 on
When a Sawmill installation includes no Profiles, it prompts you to create a profile.
2. Click Start Here to create a Profile using the IronPort configuration files.
The New Profile Wizard appears in a separate browser window.
3. On the Log Source screen, enter the following information:
4. Click Next.
Sawmill reads the log files in the specified path and tries to detect the log format.
5. On the Log Format Detected screen, select the log format for the type of profile you want
to create (HR or Sec Ops).
Field
Description
Log source
Specify how Sawmill should access the access log file:
• Local disk. Click Browse to locate the path on the local machine.
• FTP server. Enter the host name of the FTP server and the user name
• Local disk. Click Browse to locate the path on the local machine.
• FTP server. Enter the host name of the FTP server and the user name
and password used to access the server.
• HTTP server. Enter the host name of the HTTP server.
The source type you choose depends on how you choose to deploy
Sawmill for IronPort. For more information choosing how to deploy
Sawmill for IronPort, see “Deployment Planning” on page 9.
The source type you choose depends on how you choose to deploy
Sawmill for IronPort. For more information choosing how to deploy
Sawmill for IronPort, see “Deployment Planning” on page 9.
Pathname
Enter the directory path on the machine hosting the access log file that
contains the access log file. If the access log file is on a local or network
drive, you can use the Browse button to navigate to the directory.
You can also enter a pattern to specify multiple log source file names. For
example, to specify all files with a .log extension in the logs directory,
you can enter the text using the following types of patterns:
• Wildcard: C:\logs\*.log
• Regular expression: C:\logs\^.*log$
If you enter a regular expression in the Pathname field, you must enable
the “Pattern is a regular expression” option.
contains the access log file. If the access log file is on a local or network
drive, you can use the Browse button to navigate to the directory.
You can also enter a pattern to specify multiple log source file names. For
example, to specify all files with a .log extension in the logs directory,
you can enter the text using the following types of patterns:
• Wildcard: C:\logs\*.log
• Regular expression: C:\logs\^.*log$
If you enter a regular expression in the Pathname field, you must enable
the “Pattern is a regular expression” option.
Process subfolders
Choose whether or not to also process data in subdirectories of the path
specified in the pathname field. This field only applies to log files stored
on the machine hosting Sawmill.
If you enter a pattern in the Pathname field, this option searches for that
pattern in all subdirectories.
specified in the pathname field. This field only applies to log files stored
on the machine hosting Sawmill.
If you enter a pattern in the Pathname field, this option searches for that
pattern in all subdirectories.
Pattern is a regular
expression
expression
Enable this option if you entered a regular expression in the Pathname
field.
field.
WSA_Sawmill.book Page 22 Monday, March 15, 2010 10:31 AM