Cisco Web Security Appliance S360 Troubleshooting Guide

How do you use regular expressions (regex) with grep to search logs?
Document ID: 118422
Contributed by Cisco TAC Engineers.
Oct 13, 2014
Contents
Question
Environment
Solution
     Scenario 1: Finding a Particular Website in the Access Logs
     Scenario 2: Attempting to Find a Particular File Extension or Top-Level Domain
     Scenario 3: Attempting to Find a Particular Block For a Website
     Scenario 4: Finding a Machine Name in the Access Logs
     Scenario 5: Finding a Specific Time Period in the Access Logs
     Scenario 6: Searching for Critical or Warning Messages
Question
How do you use regular expressions (regex) with grep to search logs?
Environment
Cisco Web Security Appliance
Cisco Email Security Appliance
Cisco Security Management Appliance
Solution
Regular expressions (regex) can be a powerful tool when used with the "grep" command to search through
logs available on the appliance, such as Access Logs, Proxy Logs, and others. With the CLI command "grep",
you can search the logs by website, by any part of the URL, or by user name, to name a few.
Below are some common scenarios where you can use regex with grep to assist with troubleshooting.
Scenario 1: Finding a Particular Website in the Access Logs
The most common scenario is attempting to find requests being made to a website in the access logs of the
Cisco Web Security Appliance (WSA).
For example:
Connect to the appliance via SSH. Once you have the prompt, type the "grep" command to list the
available logs.
CLI> grep
Enter the number of the log you wish to "grep".