CWS Transparent Proxy with ISR

cooperwaldon
Level 1

Hello,

I'm working on implementing a transparent proxy configuration using our 3925 with IOS version 15.3.4.M3. I'm interested in enabling the logging feature to log when there are connectivity issues with the towers or when they swap from primary to secondary as listed here:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_cws/configuration/15-mt/sec-data-cws-15-mt-book/cws-isrg2-sol.html#concept_9E79401FBE944CBC9DC324CF1D1831A1

However, the log messages seem to be a bit too verbose, as it logs messages on session creation and deletion, but I would like to limit it just to logging the connectivity changes between the towers. Is there a way to limit the types of messages that are logged within the logging option in the parameter map?

I was also wondering if anyone can confirm whether or not using the transparent configuration allows you to see individual user information in the scancenter reports on the scancenter admin page?  Currently we have browser based proxy configuration and when we look at the logs it appears to aggregate all the traffic into our externally natted ip address.

Thanks

Accepted Solutions

Ashok Sakthivel
Cisco Employee
Q: CWS Logging:
A: CWS logging can be enabled under the content-scan parameter map. It will log all content-scanning processes; it can't be limited to log only connectivity changes between the towers.

Content-Scan Log Messages:
%CONT_SCAN-6-START_SESSION
%CONT_SCAN-6-STOP_SESSION
%CONT_SCAN-3-CONNECTIVITY
%CONT_SCAN-3-UNREACHABLE
%CONT_SCAN-3-TOWER-CHANGE
%CONT_SCAN-6-WHITE_LIST

Q: User information in Scancenter Report:
A: You will have to enable "IP admission" to see user information in CWS Report.

IP admission will authenticate the user and query the LDAP server based on the service_account and LDAP server configured in the ISR. The content-scan process will get the user/group information for the authenticated user and send it to the CWS Tower.
You may refer here for IP admission sample configuration.
 
Thanks and Regards,
Ashok Sakthivel.

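Because the router logs every content-scan event, one place to narrow the output is the syslog collector. The following is an added example, not part of the original thread or of Cisco's documentation: a Python filter that keeps only the tower-related mnemonics from the list above. The sample lines and their message text are constructed, and the function names are hypothetical.

```python
import re

# Cisco IOS syslog tag: %FACILITY-SEVERITY-MNEMONIC: text
# The mnemonic class allows '-' because the list above writes TOWER-CHANGE with a hyphen.
TAG = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_-]+):")

# Mnemonics from the answer's list that concern tower connectivity.
TOWER_EVENTS = {"CONNECTIVITY", "UNREACHABLE", "TOWER_CHANGE"}


def parse(line):
    """Return (facility, severity, mnemonic), or None when the line has no IOS tag."""
    m = TAG.search(line)
    if not m:
        return None
    # Normalise '-' to '_' so TOWER-CHANGE and TOWER_CHANGE compare equal.
    return m["facility"], int(m["severity"]), m["mnemonic"].replace("-", "_")


def tower_events(lines):
    """Keep CONT_SCAN tower connectivity messages; drop session and whitelist noise."""
    kept = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        facility, severity, mnemonic = parsed
        if facility == "CONT_SCAN" and mnemonic in TOWER_EVENTS:
            kept.append((severity, mnemonic, line.rstrip("\n")))
    return kept


# Constructed sample input: timestamps and the text after each tag are placeholders.
SAMPLE = [
    "*Jan  1 10:00:01.000: %CONT_SCAN-6-START_SESSION: (constructed text)",
    "*Jan  1 10:00:02.000: %CONT_SCAN-3-CONNECTIVITY: (constructed text)",
    "*Jan  1 10:00:03.000: %CONT_SCAN-6-STOP_SESSION: (constructed text)",
    "*Jan  1 10:00:04.000: %CONT_SCAN-3-TOWER-CHANGE: (constructed text)",
    "*Jan  1 10:00:05.000: %CONT_SCAN-6-WHITE_LIST: (constructed text)",
    "*Jan  1 10:00:06.000: %LINK-3-UPDOWN: (constructed text)",
    "*Jan  1 10:00:07.000: %CONT_SCAN-3-UNREACHABLE: (constructed text)",
]

if __name__ == "__main__":
    for severity, mnemonic, raw in tower_events(SAMPLE):
        print(severity, mnemonic, raw)
```

Filtering on the mnemonic rather than on severity alone avoids pulling in severity-3 messages from other facilities that share the same log stream.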