Cisco Cisco Web Security Appliance S170 Guía Del Usuario
A-10
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Logging Problems
•
Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: Could not create ISE client: …
Internal error when creating the WSA’s ISE client for ISE server connection.
•
Tue Mar 24 03:56:47 2015 Critical: ISEEngineManager: Bulk Download thread failed: …
Internal error indicating bulk download of SGTs failed on connection or re-connection.
•
Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to start service. Error: …
The WSA’s ISE service failed to start.
•
Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to send ready signal …
The WSA’s ISE service was unable to send a ready signal to
heimdall
.
•
Tue Mar 24 03:56:47 2015 Critical: ISEService: Unable to send restart signal …
The WSA’s ISE service was unable to send a restart signal to
heimdall
.
Logging Problems
•
•
•
•
Custom URL Categories Not Appearing in Access Log Entries
When a web access policy group has a custom URL category set to Monitor and some other component,
such as the Web Reputation Filters or the DVS engine, makes the final decision to allow or block a
request for a URL in the custom URL category, then the access log entry for the request shows the
predefined URL category instead of the custom URL category.
such as the Web Reputation Filters or the DVS engine, makes the final decision to allow or block a
request for a URL in the custom URL category, then the access log entry for the request shows the
predefined URL category instead of the custom URL category.
Logging HTTPS Transactions
HTTPS transactions in the access logs appear similar to HTTP transactions, but with slightly different
characteristics. What gets logged depends on whether the transaction was explicitly sent or transparently
redirected to the HTTPS Proxy:
characteristics. What gets logged depends on whether the transaction was explicitly sent or transparently
redirected to the HTTPS Proxy:
•
TUNNEL. This gets written to the access log when the HTTPS request was transparently redirected
to the HTTPS Proxy.
to the HTTPS Proxy.
•
CONNECT. This gets written to the access log when the HTTPS request was explicitly sent to the
HTTPS Proxy.
HTTPS Proxy.
When HTTPS traffic is decrypted, the access logs contain two entries for a transaction:
•
TUNNEL or CONNECT depending on the type of request processed.
•
The HTTP Method and the decrypted URL. For example, “GET https://ftp.example.com”.
The full URL is only visible when the HTTPS Proxy decrypts the traffic.