Cisco Web Security Appliance S170 User Guide
Cisco Advanced Web Security Reporting Installation, Setup, and User Guide
Chapter 1 Installation and Setup
Set Up On-going Data Transfers
Step 5   Click Manual and then enter wsa_syslog in the Sourcetype field.
Step 6   Choose Cisco WSA - Advanced Reporting as the App Context.
Step 7   In the Host section, choose Custom in the Method field, and then enter the Advanced Web Security Reporting host name as the Host field value.
Step 8   Choose Default as the destination Index.
Step 9   Click Review and review the values you provided.
Step 10  Click Submit.
Step 11  Navigate to Settings > Data Inputs > TCP to confirm the new input entry.
Note
With a multiple-appliance configuration, you must repeat these steps from the Advanced Web Security Reporting application for each appliance. However, you can also configure multiple appliances by editing the inputs.conf file.
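When several appliances are configured by editing inputs.conf directly, as the Note describes, a quick audit catches stanzas that drifted from the values in Steps 5 and 7. The following is an added example, not part of the Cisco guide: the ports and host names in the sample are constructed placeholders, and it assumes the Custom host method is recorded as `connection_host = none` together with an explicit `host` setting.

```python
import configparser

EXPECTED_SOURCETYPE = "wsa_syslog"  # value entered in Step 5

# Constructed sample: ports and host names are placeholders, not from the guide.
SAMPLE_INPUTS_CONF = """
[tcp://5514]
sourcetype = wsa_syslog
connection_host = none
host = awsr.example.test

[tcp://5515]
sourcetype = syslog
connection_host = none
host = awsr.example.test

[tcp://5516]
sourcetype = wsa_syslog
connection_host = dns

[monitor:///var/log/messages]
sourcetype = linux_messages
"""


def audit_tcp_inputs(conf_text, expected_host=None):
    """Return {stanza: [problems]} for every [tcp://...] stanza in conf_text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = {}
    for stanza in parser.sections():
        if not stanza.startswith("tcp://"):
            continue  # only TCP data inputs are in scope here
        opts, problems = parser[stanza], []
        sourcetype = opts.get("sourcetype", "").strip()
        if sourcetype != EXPECTED_SOURCETYPE:
            problems.append(f"sourcetype={sourcetype!r}, expected {EXPECTED_SOURCETYPE!r}")
        host = opts.get("host", "").strip()
        # Assumption: the Custom host method (Step 7) is stored as connection_host = none.
        if opts.get("connection_host", "").strip().lower() != "none":
            problems.append("host method is not Custom (connection_host != none)")
        elif not host:
            problems.append("Custom host method selected but no host value set")
        elif expected_host and host != expected_host:
            problems.append(f"host={host!r}, expected {expected_host!r}")
        findings[stanza] = problems
    return findings


if __name__ == "__main__":
    for stanza, problems in audit_tcp_inputs(SAMPLE_INPUTS_CONF, "awsr.example.test").items():
        print(stanza, "OK" if not problems else "; ".join(problems))
```

A stanza with the wrong sourcetype still receives data, so the input appears to work while the reports stay empty; that is the case this check is meant to surface.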
Establish Log Transfers from a Web Security Appliance
Before You Begin
• Know the path to your log files:
• Determine the frequency of transfers, no more than 60-minute increments.
• Open the web interface for the Web Security Appliance.
Step 1   In the Web interface for the Web Security Appliance, navigate to System Administration > Log Subscriptions.
Step 2   Click Add Log Subscription, or click the name of an existing subscription to edit it.
Step 3   Configure the subscription (this example refers specifically to access and traffic-monitor logs):

Setting                       Log Type         Value
Log Type                      Access           accesslogs
                              Traffic Monitor  trafmonlogs
Log Name                      Either           Name for the log directory.
Rollover by File Size         Either           Recommend no more than 500 MB.
Maximum File Size
(Depending on your
AsyncOS release)
Rollover by Time              Either           Recommend custom rollover interval of one hour (1h) or more frequent rollovers.
(Availability of this option
varies by AsyncOS release)
Log Style                     Access           Squid
                              Traffic Monitor  N/A