Getting access to Cisco WSA (IronPort) logs
The difference of working with Cisco WSA (Web Security Appliance or IronPort) is that the log files cannot be accessed directly over the network, but there is a function of scheduled file download from FTP/SCP. Accordingly you will need not only Cisco WSA (Web Security Appliance, earlier IronPort) and ProxyInspector reporting tool, but also FTP/SCP server installed on any computer in the local network. In order to configure automatic log files' unload to FTP/SCP, select menu item System Administration | Log Subscriptions in the control console of Cisco WSA (Web Security Appliance, former IronPort), then Add Log Subscription...
Next, you will need to specify the Log type: Access Logs
, Log Style: Squid
, enter desired name of the subscription to the field Log name, prefix of the log file in the field File name
(this prefix will need to be specified in ProxyInspector
settings, for example if File name in IronPort is aclog
, then aclog*
is to be entered into Log file Mask
of ProxyInspector). Then you need to enter details of your FTP/SCP server, address, username, password, path. You also need to specify the conditions that will control log file rollback and their upload to specified server: Rollover by File size
and Rollover by Time
If necessary, you can perform a forced rollback and upload of log files by checking necessaty subscriptions and pressing Rollover Now button on the page with subscription list (System Administration | Log Subscriptions):
Configuring ProxyInspector for reporting on Cisco WSA
It is necessary to specify network (UNC) or local path to the folder FTP/SCP server, where the files will be uploaded, in ProxyInspector settings (Domain & Servers editor in Enterprise or Base Settings in Standard edition).
Tags: ProxyInspector, Cisco WSA, Cisco Web Security, IronPort, log file, FTP, SCP