Logs from WSA (FTP)

Roger Base
Level 1

I am trying to access/export my WSA appliance logs (access logs etc). But somehow I cannot authorize with my administrator login via the FTP link from the GUI. The login window appears again after typing the username and password in my browser. What should I do to fix this problem?

7 Replies

Tao Yang
Cisco Employee

Firstly, you can try using an FTP client like FileZilla to see if it works. If it is still the same, you can check the following WSA log to see if you can find any clue.

"ftpd_logs" Type: "FTP Server Logs" 

Hi Tao,

I cannot log in with FileZilla either. Do I need to configure something special to get access to the logs via FTP?

On the page where you configure the interfaces you have to check a box to turn on FTP... but usually you don't get a login prompt without it...

Some more information. I cannot find the place to enable FTP. But I guess it is enabled since I got a login prompt. So I do not believe that is the case. Please check out the message from the FTP client.

Appliance mode:

Model:    S160
Version:    7.1.4-053 for Web

Message from the FTP (FileZilla).

Command:    USER myuser@mypassword@10.10.10.10
Response:    331 User name okay, need password.
Command:    PASS *********
Response:    501 Syntax error in parameters or arguments.
Error:    Critical error: Could not connect to server

FTP Proxy is configured on the IronPort.

Has anyone seen this issue before?

Are you using authentication in the WSA? If yes, does your identity enable that authentication for the FTP traffic?

If yes, have you configured FileZilla to use the authentication when connecting to the WSA, and what method/format do you use in FileZilla for authentication? WSA by default will use the Check Point format.

To check from FileZilla: Settings -> FTP Proxy -> if the WSA is using authentication you will need to select Custom and enter your authentication format -> enter the proxy host such as <wsaIP:8021> -> user and password.

See the link below for more info on FileZilla with WSA:

http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/118044-qna-wsa-00.html

syeda3
Level 1
  1. In order to view the logs from the GUI, connect to the WSA using a web browser on port 8080 (default) for HTTP or 8443 (default) for HTTPS.
  2. After logging in, click System Administration > Log Subscriptions.
  3. Click on the FTP link for the log subscription to view.
  4. Select the log file to view and the output will be shown in the browser.

Note: By default, the WSA uses port 21 for FTP when connecting to the management interface. If this port is changed, clicking on the FTP link from the GUI will fail. In order to correct this problem, add the FTP port for the management interface after the WSA hostname in the URL in the browser.

http://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117830-qanda-wsa-00.html

Zhicheng Lun
Cisco Employee

First of all, you need to enable FTP on the WSA in the GUI: Network > Interfaces, place a check mark next to FTP, and also fill in the port number for FTP.

Second, use an FTP client (a browser will do) to visit the FTP port on the WSA.

You should see the log subscription by doing the above.