Cisco Cisco Web Security Appliance S190 Guía Del Usuario
R E P O R T S
C H A P T E R 1 : I N T R O D U C T I O N T O S A W M I L L F O R I R O N P O R T
3
• The administrator for each department in an organization needs to view data for his/her
department only.
• You have multiple Web Security appliances to analyze and you want to report on each
one individually.
You might need to create multiple profiles for any of the following reasons:
• You need to report on date ranges and have reports for each range, such as 2007, 2008, or
Q1 2007, Q2 2007, etc.
When you create a profile, you must specify the log source. The log data can come from one
or more Web Security appliance access logs. The files can be local, or Sawmill for IronPort
can download them from an FTP server. Sawmill for IronPort automatically detects the
IronPort log format when it reads Web Security appliance access logs. After the profile is
created, you can view the reports defined by IronPort on the Reports screen.
or more Web Security appliance access logs. The files can be local, or Sawmill for IronPort
can download them from an FTP server. Sawmill for IronPort automatically detects the
IronPort log format when it reads Web Security appliance access logs. After the profile is
created, you can view the reports defined by IronPort on the Reports screen.
For more information on profiles, see “Working with Profiles” on page 40.
Reports
Sawmill reports present Web Security appliance access log file information in an attractive
and easily navigable format. You can “drill down” on links in the reports to zoom in on
particular subsets of data in the report.
and easily navigable format. You can “drill down” on links in the reports to zoom in on
particular subsets of data in the report.
For a list of the reports included in Sawmill for IronPort, see “Sawmill for IronPort Reports” on
page 4.
page 4.
WSA_Sawmill.book Page 3 Tuesday, February 22, 2011 2:54 PM