Cisco Web Security Appliance S170 Installation Guide

Cisco Web Security Appliance Advanced Reporting Installation, Setup, and User Guide
 
Chapter 1      Installation and Setup
Create the Folder Structure for Log Files
(Upgrades from Release 2.0 to Release 3.0 Only) Run the Upgrade Cleanup Script
Step 1  Access the Splunk command-line interface.
Step 2  Change directory:
        $ cd $SPLUNK_HOME/etc/apps/SplunkforCiscoIronportWSA/bin
Step 3  Run the cleanup script:
        $ ../../../../bin/splunk cmd python upgrade_from_v2.py
        In most cases, this script completes without providing feedback. This is expected.
Step 4  If you have modified any of the cleaned-up files (very unlikely), the script creates a new directory and
        moves the files to it. If this happens, you will see a message like:
        Moving local/viewstates.conf to local.old.YYYYMMDD-HHMMSS/viewstates.conf
Step 5  Restart Splunk.
Step 6  Check to see if files were backed up:
        $ ls -d $SPLUNK_HOME/etc/apps/SplunkforCiscoIronportWSA/local.old.YYYYMMDD-HHMMSS
        If no files were moved, this directory does not exist.
Configuration Best Practices
Set time zones consistently across Cisco Web Security Appliance appliances. 
The time displayed in the search results reflects the ‘local’ time of the Splunk instance. By default, 
all Splunk inputs for the Cisco Web Security Appliance logs are set to TZ = GMT.
Document the local admin account password (regardless of the chosen authentication method).
Create the Folder Structure for Log Files
Import and Index Historical Data
The default for the summary script is to summarize up to 90 days of history. By default, the summary 
script uses 8 cores.
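| Log             | Default Path                            | Variables                                             |
|-----------------|-----------------------------------------|-------------------------------------------------------|
| Traffic Monitor | /$Input_base/wsa_hostname/trafmonlogs/  | $Input_base=Splunk deployment; host_name=WSA device   |
| Access          | /$Input_base/wsa_hostname/accesslogs/   | $Input_base=deployment; host_name=WSA device          |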
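
The folder layout in the table above can be created for several appliances in one pass. This is an added example, not part of the Cisco guide: the function names, the sample hostnames, the scratch INPUT_BASE and the 750 directory mode are assumptions, and the hostname check is there so that an appliance name can never escape the base directory.

```shell
#!/bin/sh
# Added example: build the per-appliance log folders from the table above.
# INPUT_BASE and the hostnames are constructed sample values (assumptions).

# Return 0 if the name is safe to use as a single path component.
valid_wsa_hostname() {
    case "$1" in
        ''|.*|*..*|*/*|-*) return 1 ;;   # empty, dotfile, traversal, slash, option-like
        *[!A-Za-z0-9.-]*) return 1 ;;    # anything outside hostname characters
    esac
    return 0
}

# make_wsa_log_dirs <input_base> <wsa_hostname>...
# Creates <input_base>/<wsa_hostname>/trafmonlogs and .../accesslogs.
# Mode 750 is an assumption (owner and group only), not a value from the guide.
# Returns the number of hostnames rejected plus directories that failed.
make_wsa_log_dirs() {
    base=$1; shift
    failed=0
    for host in "$@"; do
        if ! valid_wsa_hostname "$host"; then
            echo "skipping invalid hostname: $host" >&2
            failed=$((failed + 1))
            continue
        fi
        for log in trafmonlogs accesslogs; do
            dir="$base/$host/$log"
            if mkdir -p "$dir" && chmod 750 "$base/$host" "$dir"; then
                echo "ready: $dir/"
            else
                failed=$((failed + 1))
            fi
        done
    done
    return "$failed"
}

# Example run against a scratch directory (constructed values).
INPUT_BASE=${INPUT_BASE:-$(mktemp -d)}
make_wsa_log_dirs "$INPUT_BASE" wsa01.example.com wsa02.example.com
```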