Cisco Cisco Content Security Management Appliance M1070 Guía Del Usuario
Chapter 12 Logging
12-2
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Most logs are recorded in plain text (ASCII) format; however, tracking logs are
recorded in binary format for resource efficiency. The ASCII text information is
readable in any text editor.
recorded in binary format for resource efficiency. The ASCII text information is
readable in any text editor.
Logging Versus Reporting
Logging data is a set of text logs that the system exports to the administrator.
Logging data is typically used by the administrator to debug message flow, reveal
basic day-to-day operational information such as FTP connection details, HTTP
log files, and for compliance archiving.
Logging data is typically used by the administrator to debug message flow, reveal
basic day-to-day operational information such as FTP connection details, HTTP
log files, and for compliance archiving.
The administrator can choose to access this logging data directly on the Email
Security appliance or send it to any external FTP server for archival or reading.
The administrator can either FTP to the appliance to access the logs or push the
plain text logs to an external server for backup purposes.
Security appliance or send it to any external FTP server for archival or reading.
The administrator can either FTP to the appliance to access the logs or push the
plain text logs to an external server for backup purposes.
Reporting data, on the other hand, is gathered independently from the logging
data and cannot be viewed by the administrator. That is, the administrator can see
all the system information that goes from the Email Security appliance to the
Security Management appliance in the log files, but the information that is pulled
by the Security Management appliance for reporting cannot be seen by an
administrator.
data and cannot be viewed by the administrator. That is, the administrator can see
all the system information that goes from the Email Security appliance to the
Security Management appliance in the log files, but the information that is pulled
by the Security Management appliance for reporting cannot be seen by an
administrator.
The only way to see reporting data is to use the Report pages on the
appliance GUI. You cannot access the underlying data in any way, and this data
cannot be sent to anything but a Security Management appliance.
cannot be sent to anything but a Security Management appliance.
Note
It is important to remember that the Security Management appliance pulls
information for all reporting and tracking with the exception of Cisco IronPort
Spam Quarantine (ISQ) data. The ISQ data is pushed from the ESA.
information for all reporting and tracking with the exception of Cisco IronPort
Spam Quarantine (ISQ) data. The ISQ data is pushed from the ESA.
Log Types
A log subscription associates a log type with a name, a logging level, and other
characteristics such as file size and destination information. Multiple
subscriptions for all log types, except configuration history logs, are permitted.
The log type determines the data that are recorded in the log. You select the log
type when you create a log subscription. See
characteristics such as file size and destination information. Multiple
subscriptions for all log types, except configuration history logs, are permitted.
The log type determines the data that are recorded in the log. You select the log
type when you create a log subscription. See
for
more information.