Cisco Web Security Appliance S660 User Guide
Chapter 24 Logging
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Example 2
172.xx.xx.xx discovered for www.allowsite.com (www.allowsite.com)
added to firewall allow list.
In this example, a match becomes an allow list firewall entry. The L4 Traffic
Monitor matched a domain name entry and added it to the appliance allow list.
The IP address is then entered into the allow list for the firewall.
Example 3
Firewall noted data from 172.xx.xx.xx to 209.xx.xx.xx
(allowsite.net):80.
In this example, the L4 Traffic Monitor logs a record of data that passed between
an internal IP address and an external IP address which is on the block list. Also,
the L4 Traffic Monitor is set to monitor, not block.
Troubleshooting
AsyncOS for Web sends a critical email message to the configured alert recipients
when the internal logging process drops web transaction events due to a full
buffer.
By default, when the Web Proxy experiences a very high load, the internal logging
process buffers events to record them later when the Web Proxy load decreases.
When the logging buffer fills completely, the Web Proxy continues to process
traffic, but the logging process does not record some events in the access logs or
in the Web Tracking report. This might occur during a spike in web traffic.
However, a full logging buffer might also occur when the appliance is over
capacity for a sustained period of time. AsyncOS for Web continues to send the
critical email messages every few minutes until the logging process is no longer
dropping data.
The critical message contains the following text:
Reporting Client: The reporting system is unable to maintain the rate
of data being generated. Any new data generated will be lost.
If AsyncOS for Web sends this critical message continuously or frequently, the
appliance might be over capacity. Contact Cisco IronPort Customer Support to
verify whether or not you need additional Web Security appliance capacity.
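Because events dropped during these periods never reach the access logs or the Web Tracking report, it is useful to record when the alerts arrived so later log reviews can treat those periods as incomplete. The following is an added example, not part of the Cisco guide: it groups received copies of the critical message into drop windows. The 10-minute grouping gap, the 30-minute "sustained" threshold, and the sample alerts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Text of the critical message as quoted in the guide.
ALERT_TEXT = ("Reporting Client: The reporting system is unable to maintain the rate "
              "of data being generated. Any new data generated will be lost.")

# Assumptions (not from the guide): alerts at most MAX_GAP apart belong to one
# drop episode; an episode lasting SUSTAINED or longer is labelled "sustained".
MAX_GAP = timedelta(minutes=10)
SUSTAINED = timedelta(minutes=30)

def drop_windows(alerts):
    """alerts: iterable of (received_time, message_body) pairs.
    Returns [(start, end, alert_count, kind)] for periods in which access-log
    and Web Tracking data may be incomplete. 'end' is the time of the last
    alert seen, so drops may extend slightly past it."""
    times = sorted(ts for ts, body in alerts
                   if ALERT_TEXT in " ".join(body.split()))  # tolerate line wrapping
    windows = []
    for ts in times:
        if windows and ts - windows[-1][1] <= MAX_GAP:
            windows[-1][1] = ts          # extend the current episode
            windows[-1][2] += 1
        else:
            windows.append([ts, ts, 1])  # start a new episode
    return [(s, e, n, "sustained" if e - s >= SUSTAINED else "spike")
            for s, e, n in windows]

def constructed_alerts():
    """Constructed sample data: a short spike, one unrelated alert, and a
    40-minute run of alerts arriving every five minutes."""
    base = datetime(2024, 1, 15, 9, 0)
    wrapped = ALERT_TEXT.replace("rate ", "rate\n")  # body wrapped as in an email
    spike = [base + timedelta(minutes=m) for m in (0, 5)]
    run = [base + timedelta(hours=4, minutes=5 * i) for i in range(9)]
    unrelated = [(base + timedelta(hours=1), "Unrelated alert text")]
    return [(t, wrapped) for t in spike + run] + unrelated

if __name__ == "__main__":
    for start, end, count, kind in drop_windows(constructed_alerts()):
        print(f"{start:%Y-%m-%d %H:%M} to {end:%H:%M}  alerts={count}  {kind}")
```
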