Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2305
Views
5
Helpful
2
Replies

Utilizing Cisco WSA Proxy Track Stats Log to Troubleshoot/Monitor Prox

kostasthedelegate
Level 4
Level 4

‎09-09-2021 03:00 AM

Hello 

 

Does anyone knows more about WSA Proxy Track Stats Log 

 

How we enable it or how to view it

 

Thanks and regards, 

 

Konstantinos 

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎09-09-2021 03:26 AM

Do you have SMA to manage this, so you can use reporting tool to generate reports.

or you can do Log subscription get information.

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117830-qanda-wsa-00.html

 

 

there is good presentation Cisco Live - BRKSEC-3303

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

fw_mon
Level 1
Level 1

‎09-12-2021 07:03 AM - edited ‎09-12-2021 07:39 AM

Hello @kostasthedelegate 

 

this is exactly what you're looking for: 

Cisco Web Security Appliance Insight

https://splunkbase.splunk.com/app/5524/ 

Visualize hidden Cisco Web Security Appliance (WSA) statistics, simplify troubleshooting, find performance issues.

The most important system log for performance troubleshooting on Cisco WSA is a "hidden" track_stats / prox_track log. It is not mentioned in official user guides. While it contains a lot of very helpful information, it cannot be configured, modified or pushed like other default log types, it must be retrieved using FTP/SCP. Cisco WSA Insight Splunk App provides visualization of prox_track and System Health (shd) logs, assists with troubleshooting of performance issues and gives insights into OS metrics. It can be used for ad-hoc troubleshooting or for continious monitoring of Cisco WSA.

 

How to enable and view: https://splunkbase.splunk.com/app/5524/#/details

How to get a most recent prox_track.log from WSA for an ad-hoc analysis: 

scp admin@wsa.example.com:/track_stats/prox_track.log .

Step-by-step Installation and configuration: https://youtu.be/aAUpTvLUI8A

Cisco Talk: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKSEC-3771.pdf (page 81)

Customers Also Viewed These Support Documents