User Guide for Cisco Content Security Management Appliance M160
Chapter 12 Logging
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Log Retrieval
Log files can be retrieved with the file transfer protocols described in
Table 12-3. You set the protocol when you create or edit a log subscription
in the GUI, or by using the logconfig command in the CLI.
Filename and Directory Structure
AsyncOS creates a directory for each log subscription based on the log name
specified in the log subscription. The filenames of logs in the directory consist of
the filename specified in the log subscription, the timestamp when the log file was
started, and a single-character status code. The following example shows the
convention for the directory and filename:
/<Log_Name>/<Log_Filename>.@<timestamp>.<statuscode>
Status codes may be .c (signifying “current”) or .s (signifying “saved”). You
should only transfer log files with the saved status.
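An added example (not from the Cisco guide): a collector-side filter for the FTP poll method that parses the filename convention above, keeps only files with the saved status, and rejects listing entries that carry a path component. The sample names, the timestamp format, and the function names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# <Log_Filename>.@<timestamp>.<statuscode>, where statuscode is "c" or "s".
# Assumption: the timestamp is a single token without dots or slashes.
_LOG_NAME = re.compile(r"(?P<base>[^/\\]+)\.@(?P<ts>[^./\\@]+)\.(?P<status>[cs])")


class LogFile(NamedTuple):
    base: str
    timestamp: str
    status: str  # "c" = current (still being written), "s" = saved


def parse_log_name(name: str) -> Optional[LogFile]:
    """Parse one directory-listing entry; return None if it does not match."""
    # Listing entries come from the remote side: accept a bare filename only,
    # so an entry can never steer a local write outside the target directory.
    m = _LOG_NAME.fullmatch(name)
    if m is None or m["base"] in (".", ".."):
        return None
    return LogFile(m["base"], m["ts"], m["status"])


def saved_logs(listing, already_fetched=()):
    """Return names safe to transfer: status 's', not fetched before, oldest first."""
    seen = set(already_fetched)
    picked = []
    for name in listing:
        info = parse_log_name(name)
        if info and info.status == "s" and name not in seen:
            picked.append((info.timestamp, name))
    # Assumption: timestamps sort chronologically when compared as strings.
    return [name for _, name in sorted(picked)]


# Constructed listing for a hypothetical log subscription.
SAMPLE_LISTING = [
    "mail.@20100302T101500.s",
    "mail.@20100301T101500.s",
    "mail.@20100303T101500.c",     # current file: skip until it is saved
    "../mail.@20100301T101500.s",  # path component: reject
    "mail.current",                # does not follow the convention
]

if __name__ == "__main__":
    for name in saved_logs(SAMPLE_LISTING, ["mail.@20100301T101500.s"]):
        print("transfer", name)
```

Tracking already-fetched names matters with FTP poll because the appliance deletes the oldest file once the configured maximum is reached, so the collector should poll often enough to fetch each saved file before it ages out.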
Table 12-3 Log Transfer Protocols
FTP Poll
With this type of file transfer, a remote FTP client accesses the Cisco IronPort appliance
to retrieve log files by using the username and password of an administrator-level or
operator-level user. When configuring a log subscription to use the FTP poll method, you
must supply the maximum number of log files to retain. When the maximum number is
reached, the system deletes the oldest file.
FTP Push
With this type of file transfer, the Cisco IronPort appliance periodically pushes log files to
an FTP server on a remote computer. The subscription requires a username, password, and
destination directory on the remote computer. Log files are transferred based on the
configured rollover schedule.
SCP Push
With this type of file transfer, the Cisco IronPort appliance periodically pushes log files to
an SCP server on a remote computer. This method requires an SSH SCP server on a remote
computer using the SSH1 or SSH2 protocol. The subscription requires a username, SSH
key, and destination directory on the remote computer. Log files are transferred based on
the configured rollover schedule.
Syslog Push
With this type of file transfer, the Cisco IronPort appliance sends log messages to a remote
syslog server. This method conforms to RFC 3164. You must submit a hostname for the
syslog server and use either UDP or TCP for log transmission. The port used is 514. A
facility can be selected for the log; however, a default for the log type is preselected in the
drop-down menu. Only text-based logs can be transferred using syslog push.