Cisco Cisco Identity Services Engine 1.3 개발자 가이드
SSH 命令
WSA GUI 路径
功能
日志文件
ssh admin@WSA
tail ise_service_log
系统管理 (System Administration) > 日
志订阅 (Log Subscriptions) > ISE 服务
日志 (ise_service_log)
志订阅 (Log Subscriptions) > ISE 服务
日志 (ise_service_log)
记录与使用 ISE 相关的消
息,例如与 ISE 服务器通
信成功还是失败。
息,例如与 ISE 服务器通
信成功还是失败。
ISE 日志
ssh admin@WSA
tail proxylogs
系统管理 (System Administration) > 日
志订阅 (Log Subscriptions) > 代理日志
(proxylogs)
志订阅 (Log Subscriptions) > 代理日志
(proxylogs)
记录与 Web 代理相关的错
误。 这是所有与 Web 代理
相关的日志中最基本的功
能。 要对与 Web 代理相关
的更多具体方面进行故障
排除,请为适用的 Web 代
理模块创建一个日志订用。
误。 这是所有与 Web 代理
相关的日志中最基本的功
能。 要对与 Web 代理相关
的更多具体方面进行故障
排除,请为适用的 Web 代
理模块创建一个日志订用。
代理日志
访问日志文件 - 示例
以下是可用于故障排除的访问日志文件的一些示例。
示例 1:向无 SGT 的 ISE 缓存中发现的用户应用的访问策略。
1424330486.386 320 10.19.75.75 TCP_MISS/200 68632 GET http://www.bing.com/ "user1" DIRECT/www.bing.com text/html
DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup
<IW_srch,6.1,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,IW_srch,-,"-","-","Bing","Search
Engine","-","-",1715.80,0,-,"-","-",1,"-",-,-,"-","-"> - SSO_ISE
DEFAULT_CASE_12-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup
<IW_srch,6.1,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,IW_srch,-,"-","-","Bing","Search
Engine","-","-",1715.80,0,-,"-","-",1,"-",-,-,"-","-"> - SSO_ISE
示例 2:向有匹配 SGT 的 ISE 缓存中的用户应用的访问策略。
1424331112.566 0 10.19.75.75 TCP_DENIED/403 0 GET http://www.bing.com/ "user1" NONE/- -
BLOCK_WEBCAT_12-BYODPolicy-DefaultGroup-NONE-NONE-NONE-NONE
<IW_srch,6.1,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_srch,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-">
BLOCK_WEBCAT_12-BYODPolicy-DefaultGroup-NONE-NONE-NONE-NONE
<IW_srch,6.1,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_srch,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-">
- SSO_ISE
示例 3:具有回退到访客的功能的访问策略
1424330523.414 155 172.29.177.25 TCP_MISS/200 68647 GET http://www.bing.com/ "(Unauthenticated)172.29.177.25"
DIRECT/www.bing.com text/html DEFAULT_CASE_12-DefaultGroup-Default
Group-NONE-NONE-NONE-DefaultGroup
<IW_srch,6.1,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,IW_srch,-,"-","-","Bing","Search
Engine","-","-",3543.07,0,-,"-","-",1,"-",-,-,"-","-
"> - GUEST
<IW_srch,6.1,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,IW_srch,-,"-","-","Bing","Search
Engine","-","-",3543.07,0,-,"-","-",1,"-",-,-,"-","-
"> - GUEST
示例 4:具有回退到阻止事务的功能的访问策略
1424331683.561 0 172.29.177.25 TCP_DENIED/403 0 GET http://www.bing.com/ - NONE/- -
OTHER-NONE-DefaultGroup-NONE-NONE-NONE-NONE
<-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-">
OTHER-NONE-DefaultGroup-NONE-NONE-NONE-NONE
<-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-">
- NONE
ISE 日志文件 - 示例
以下是可用于故障排除的 ISE 日志文件的一个示例。
Thu Mar 12 20:41:29 2015 Info: Begin Logfile
Thu Mar 12 20:41:30 2015 Info: ISEService: Successfully loaded configuration from: /data/ise/ise_service.ini
Thu Mar 12 20:41:30 2015 Info: ISEService: Successfully loaded configuration from: /data/ise/ise_service.ini
17