Cisco Web Security Appliance S170 Installation Guide
Cisco Web Security Appliance Advanced Reporting Installation, Setup, and User Guide
Chapter 1 Installation and Setup
(Optional) Set Up Department Membership Query
Set Up Department Membership Reporting
Before You Begin
• Linux users: Install the ldapsearch tool using the following command:
sudo yum install openldap-clients
Step 1 Identify the AD/LDAP Group Base DNs in the Membership Script:
a. Open the appropriate membership script in a text editor:
– Linux: $SPLUNK_HOME/etc/apps/CiscoWSA/bin/discovery.py
– Windows: X:\$SPLUNK_HOME\etc\apps\CiscoWSA\bin\discovery.vbs
b. Edit the first four fields at the top of the header:
strComputer = 'ad_ldap_host'
strUser = 'cn=service_account,cn=Users,dc=my_directory,dc=net'
strPassword = 'service_account_password'
strGroupOUs = 'Group base DN;Group base DN;Group base DN'
c. Save the file.
Step 2 Enable the membership script in inputs.conf:
a. Open inputs.conf in a text editor:
$SPLUNK_HOME/etc/apps/CiscoforIronportWSA/local/inputs.conf
b. Search for the appropriate string:
– # membership script Windows
– # membership script Linux
c. Set disabled to false:
disabled = false
Step 3 Restart Splunk.
Step 4 Verify that the script populated departments.csv with the user data:
$SPLUNK_HOME/etc/apps/CiscoWSA/lookups/departments.csv
The membership script is set to run every day by default. The interval is set in seconds and can be
changed as per the deployment requirements.
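The following checks for Steps 1, 2 and 4 on Linux are an added example, not part of the Cisco guide or the CiscoWSA app. They report the disabled and interval settings under the "# membership script Linux" marker, confirm that discovery.py (which holds strPassword in clear text) is not accessible to group or other, and count the data rows in departments.csv. The stanza layout, the CSV column names and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: post-setup checks for the department membership script (Linux).
# Assumed, not taken from the guide: the stanza layout after the marker comment
# and a header row in departments.csv.

# Print "disabled=<v> interval=<v>" for the settings under the Linux marker.
membership_input_state() {   # $1 = path to inputs.conf
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        /^# membership script Linux/    { on = 1; next }
        on && /^# membership script/    { exit }          # next marker: stop reading
        on && /^[ \t]*disabled[ \t]*=/  { d = val($0) }
        on && /^[ \t]*interval[ \t]*=/  { i = val($0) }
        END { printf "disabled=%s interval=%s\n", d, i }
    ' "$1"
}

# Succeed only if group and other have no access to the file that holds strPassword.
script_is_private() {        # $1 = path to discovery.py
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the number of non-empty rows after the header line of departments.csv.
department_rows() {          # $1 = path to departments.csv
    awk 'NR > 1 && NF { n++ } END { print n + 0 }' "$1"
}

# Constructed sample files, for demonstration only (not real deployment data).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/inputs.conf" <<'EOF'
# membership script Windows
[script://$SPLUNK_HOME\etc\apps\CiscoWSA\bin\discovery.vbs]
disabled = true
interval = 86400
# membership script Linux
[script://$SPLUNK_HOME/etc/apps/CiscoWSA/bin/discovery.py]
disabled = false
interval = 86400
EOF
printf 'user,department\nalice,Engineering\nbob,Finance\n' > "$demo/departments.csv"
: > "$demo/discovery.py"; chmod 600 "$demo/discovery.py"

membership_input_state "$demo/inputs.conf"
script_is_private "$demo/discovery.py" && echo "discovery.py: private" || echo "discovery.py: accessible to group/other"
echo "departments.csv data rows: $(department_rows "$demo/departments.csv")"
```

On a real deployment, pass the paths from Steps 1, 2 and 4 to the three functions in place of the constructed files.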
Restrict Access to Department Reports by Role
Before You Begin
• Understand that if users are restricted to viewing data from specific departments or groups, Layer 4
Transport Monitor (L4TM) data will only be available to administrators because L4TM data is not
linked to a department or role.
• Open Splunk Web
Step 1 In Splunk Web,