WSA S170 - any way to view old logs in the reporting GUI?
We've used centralized logging for a very long time on our WSAs - sending it all to the SMA.
However due to human error we let the feature keys expire on the SMA, which means no logs were processed from the WSAs.
I've now changed to local logging in our WSAs, however it only shows events that have happened since enabling local logging.
Checking through ftp gui and cli, I'm able to see that all the logs do indeed still exist.
How can I view these in a graphical way, preferably through the reporting GUI? I cannot find any "import" or such option.
Second option would be to export these logs to some type of Cisco or 3rd party tool to view them in an easy way. I've been looking at some of the logs through VSCode, but it's impossible to find what I want by just looking at the clear text in the log manually.
Essentially I want to get browsing events from a certain user during a certain timeframe.
I am sorry but you are out of luck. The queues for reporting/web tracking are different depending on local reporting or centralized reporting that is the reason you can see the data from after you enabled local reporting. So the data that was in the queue to be moved to the SMA should ideally move to the SMA once you connect this WSA to another SMA and enable centralised reporting again . It would be great if you can open a case with TAC and we can take a look at it for you.
PS: Please don't forget to rate and select as validated answer if this answered your question
IntroductionComponentsISE ConfigurationEnd user perspective and Validation
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM ...
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense.