Cisco Cisco Web Security Appliance S360 Guia Do Utilizador
422
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
L O G G I N G O V E R V I E W
You can use log files to monitor web traffic. To configure the appliance to create log files, you
create log subscriptions. A log subscription is an appliance configuration that associates a log
file type with a name, logging level, and other parameters, such as size and destination
information. You can subscribe to a variety of log file types. For more information about log
subscriptions, see “Working with Log Subscriptions” on page 428.
create log subscriptions. A log subscription is an appliance configuration that associates a log
file type with a name, logging level, and other parameters, such as size and destination
information. You can subscribe to a variety of log file types. For more information about log
subscriptions, see “Working with Log Subscriptions” on page 428.
In typical appliance monitoring, the appliance administrator usually reads the following log
files:
files:
• Access log. Records all Web Proxy filtering and scanning activity. For more information
about the access log, see “Access Log File” on page 436.
• Traffic Monitor log. Records all L4 Traffic Monitor activity. For more information about the
The appliance also creates other log file types, such as the system log file. You might want to
read other log files to troubleshoot appliance errors. For a list of each type, see “Log File
Types” on page 422.
read other log files to troubleshoot appliance errors. For a list of each type, see “Log File
Types” on page 422.
The appliance provides several options for customizing the type of information recorded in
the access log. For more information, see “Custom Formatting in Access Logs and W3C Logs”
on page 450.
the access log. For more information, see “Custom Formatting in Access Logs and W3C Logs”
on page 450.
Log File Types
The log file type indicates what information is recorded in the generated log, such as web
traffic or system data. By default, the Web Security appliance has log subscriptions for most
log file types already created. However, there are some log file types that specific to
troubleshooting the Web Proxy. Those logs are not created by default. For more information
on those log file types, see “Web Proxy Logging” on page 426.
traffic or system data. By default, the Web Security appliance has log subscriptions for most
log file types already created. However, there are some log file types that specific to
troubleshooting the Web Proxy. Those logs are not created by default. For more information
on those log file types, see “Web Proxy Logging” on page 426.
Table 20-1 lists the Web Security appliance log file types created by default.
Table 20-1 Default Log File Types
Log File Type
Description
Enabled by
Default?
Default?
Access Control
Engine Logs
Engine Logs
Records messages related to the Web Proxy ACL (access
control list) evaluation engine.
control list) evaluation engine.
No
Access Logs
Records Web Proxy client history.
Yes
Authentication
Framework Logs
Framework Logs
Records authentication history and messages.
Yes
CLI Audit Logs
Records a historical audit of command line interface activity.
Yes