Cisco Web Security Appliance S190 User Guide
21-29
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 21 Monitor System Activity Through Logs
Traffic Monitor Log Files
We recommend a Custom Time Interval, with a Rollover every: time interval based on these guidelines:
Step 7
For the Retrieval Method, select SCP on Remote Server and enter the CTA server information from
your CWS account.
a. In the SCP Host field, enter the SCP host provided in Cisco ScanCenter; for example, etr.cloudsec.sco.cisco.com.
b. In the SCP Port field, enter 22.
c. In the Directory field, enter /upload.
d. In the Username field, enter the user name generated for your device in Cisco ScanCenter. The device user name is case sensitive and different for each proxy device.
e. Check Enable Host Key Checking, and select Automatically Scan.
Step 8
Click Submit on the WSA.
A public SSH key is generated by the WSA and displayed in the Management Console.
Step 9
Copy the public SSH key generated by the WSA to the Clipboard.
Step 10
Switch to the Cisco ScanCenter portal, select the appropriate device account and then paste the public
SSH key into the CTA Device Provisioning page. (See the “Proxy Device Uploads” section of the Cisco
ScanCenter Administrator Guide for additional information.)
Successful authentication between your proxy device and CTA system will allow log files from your
proxy device to be uploaded to the CTA system for analysis.
Cisco’s ScanCenter is the administration portal to Cisco Cloud Web Security. See
.
Step 11
Switch back to the WSA, and click Commit Changes.
Note
The WSA restarts when committing configuration changes, so connected users may be
temporarily disconnected.
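Steps 9 and 10 carry a public key between two consoles by clipboard. The following added example (not part of the Cisco guide) compares SHA-256 fingerprints of the key as displayed and as pasted, so a truncated or altered paste is caught before provisioning. It assumes the key is shown in OpenSSH one-line format (type, base64 blob, optional comment), which the guide does not state; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

class KeyFormatError(ValueError):
    """Text is not a complete OpenSSH one-line public key."""

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise KeyFormatError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        if off + 4 + n > len(blob):
            raise KeyFormatError("truncated field")
        out.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return out

def parse_public_key(text):
    """Return (key_type, blob), tolerating line wraps added by copy and paste."""
    tokens = text.split()
    if len(tokens) < 2:
        raise KeyFormatError("expected '<type> <base64> [comment]'")
    # Longest join first, so a wrapped key is reassembled before a prefix is tried.
    for end in range(len(tokens), 1, -1):
        try:
            blob = base64.b64decode("".join(tokens[1:end]), validate=True)
            fields = _fields(blob)
        except ValueError:  # bad base64 (binascii.Error) or KeyFormatError
            continue
        if len(fields) >= 2 and fields[0] == tokens[0].encode():
            return tokens[0], blob
    raise KeyFormatError("key is truncated, altered, or not in OpenSSH format")

def sha256_fingerprint(text):
    """Fingerprint in the form ssh-keygen -l prints: SHA256:<unpadded base64>."""
    _, blob = parse_public_key(text)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample key (not a real device key): type string + 32 key bytes.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed-example"

if __name__ == "__main__":
    pasted = SAMPLE_KEY[:40] + "\n" + SAMPLE_KEY[40:]  # line wrap from a paste
    print(sha256_fingerprint(SAMPLE_KEY) == sha256_fingerprint(pasted))
```

Run it on the text copied from the WSA and on the text read back from the provisioning page; the two fingerprints must be identical.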
Traffic Monitor Log Files
Layer-4 Traffic Monitor log files provide a detailed record of Layer-4 monitoring activity. You can view
Layer-4 Traffic Monitor log file entries to track updates to firewall block lists and firewall allow lists.
Interpreting Traffic Monitor Logs
Use the examples below to interpret the various entry types contained in Traffic Monitor Logs.
Recommended rollover period for the Custom Time Interval, by number of users behind the proxy:

Number of Users Behind Proxy    Recommended Rollover Period
Unknown or less than 2000       55 minutes
2000 to 4000                    30 minutes
4000 to 6000                    20 minutes
More than 6000                  10 minutes