Cisco Cisco Web Security Appliance S190 Guía Del Usuario
A-9
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Policy Problems
Alert: Unable to Maintain the Rate of Data Being Generated
AsyncOS for Web sends a critical email message to the configured alert recipients when the internal
logging process drops web transaction events due to a full buffer.
logging process drops web transaction events due to a full buffer.
By default, when the Web Proxy experiences a very high load, the internal logging process buffers events
to record them later when the Web Proxy load decreases. When the logging buffer fills completely, the
Web Proxy continues to process traffic, but the logging process does not record some events in the access
logs or in the Web Tracking report. This might occur during a spike in web traffic.
to record them later when the Web Proxy load decreases. When the logging buffer fills completely, the
Web Proxy continues to process traffic, but the logging process does not record some events in the access
logs or in the Web Tracking report. This might occur during a spike in web traffic.
However, a full logging buffer might also occur when the appliance is over capacity for a sustained
period of time. AsyncOS for Web continues to send the critical email messages every few minutes until
the logging process is no longer dropping data.
period of time. AsyncOS for Web continues to send the critical email messages every few minutes until
the logging process is no longer dropping data.
The critical message contains the following text:
Reporting Client: The reporting system is unable to maintain the rate of data being
generated. Any new data generated will be lost.
If AsyncOS for Web sends this critical message continuously or frequently, the appliance might be over
capacity. Contact Cisco Customer Support to verify whether or not you need additional Web Security
appliance capacity.
capacity. Contact Cisco Customer Support to verify whether or not you need additional Web Security
appliance capacity.
Problem Using Third-Party Log-Analyzer Tool with W3C Access Logs
If you want to use a third party log analyzer tool to read and parse the W3C access logs, you might need
to include the “timestamp” field. The timestamp W3C field displays time since the UNIX epoch, and
most log analyzers only understand time in this format.
to include the “timestamp” field. The timestamp W3C field displays time since the UNIX epoch, and
most log analyzers only understand time in this format.
Policy Problems
•
•
•
•
Blocked Object Problems
•
•
Some Microsoft Office Files Not Blocked
When you block Microsoft Office files in the Block Object Type section, it is possible that some
Microsoft Office files will not be blocked.
Microsoft Office files will not be blocked.
If you need to block all Microsoft Office files, add
application/x-ole
in the Block Custom MIME
Types field. However, blocking this custom MIME type also blocks all Microsoft Compound Object
format types, such as Visio files and some third-party applications.
format types, such as Visio files and some third-party applications.