Cisco Cisco Web Security Appliance S370 Guia Do Utilizador

The HTTP Method and the decrypted URL. For example, “GET https://ftp.example.com”.

The full URL is only visible when the HTTPS Proxy decrypts the traffic.

AsyncOS for Web sends a critical email message to the configured alert recipients when the internal 
logging process drops web transaction events due to a full buffer.

By default, when the Web Proxy experiences a very high load, the internal logging process buffers events 
to record them later when the Web Proxy load decreases. When the logging buffer fills completely, the 
Web Proxy continues to process traffic, but the logging process does not record some events in the access 
logs or in the Web Tracking report. This might occur during a spike in web traffic.

However, a full logging buffer might also occur when the appliance is over capacity for a sustained 
period of time. AsyncOS for Web continues to send the critical email messages every few minutes until 
the logging process is no longer dropping data.

The critical message contains the following text:

Reporting Client: The reporting system is unable to maintain the rate of data being 

generated. Any new data generated will be lost.

 

If AsyncOS for Web sends this critical message continuously or frequently, the appliance might be over 
capacity. Contact Cisco Customer Support to verify whether or not you need additional Web Security 
appliance capacity.

If you want to use a third party log analyzer tool to read and parse the W3C access logs, you might need 
to include the “timestamp” field. The timestamp W3C field displays time since the UNIX epoch, and 
most log analyzers only understand time in this format. 

Policy Troubleshooting Tool: Policy Trace

Also see: 

With the HTTPS Proxy is enabled, Decryption Policies handle all HTTPS policy decisions. You can no 
longer define Access and Routing Policy group membership by HTTPS, nor can you configure Access 
Policies to block HTTPS transactions.