07-02-2019 02:27 AM - edited 07-02-2019 03:20 AM
Hi Team,
I am unable to view log files in WSA virtual appliance (S600v) GUI. From System Administration > Log subscriptions I get the below page where there is no FTP link for the log file.
After clicking Access Logs, I get the below page.
Do I need to make any change in the options to view the access logs from the appliance (without exporting log to any other ftp server)?
Thanks.
Labels: Web Security
Accepted Solutions
07-02-2019 08:50 AM
Enable a port for FTP on your management interface... you can use 21 if you AREN'T using the WSA to monitor FTP traffic, otherwise use something like 1021.
Note that this is UNENCRYPTED, so if you have security rules about that, this may not work for you...
Once that's set, you'll see a link in the GUI; clicking on it requires you to log in again... it just gives you a web view of the FTP site...
It's as close to seeing the "logs in the gui" that you'll get from the WSA at this point.
07-02-2019 04:15 AM
You can view the logs from the command line with the grep command, with the option of the log you want to look at.
If you would like to look at the full log, you need to download it to your local PC using WinSCP.
Make sense?
07-02-2019 08:11 AM
Thanks for the information. I viewed the log using the grep command in the CLI, but I would like to view the logs from the GUI if there is any way.
07-03-2019 03:41 AM
Dear Stieers,
Thank you so much. This is exactly what I am searching for. Actually the FTP port was not enabled, so I did not get the link previously.
I need some more help and I am mentioning those issues below:
1. I can't view the log files via the link (which uses the domain name) shown beside the accesslogs, but I can view the log file using the IP (ftp:<ip_address>/accesslogs). Could you please advise what to do to make the shown link workable?
2. I cannot understand on what basis (file size/time etc.) each new log file was created. Maximum file size is set to 10G. Below image is for reference.
3. How can I convert these log files into .csv?
4. I have tried to export the log to a remote FTP server. For that, accesslogs > Retrieval Method > FTP on remote server and provide the required information. It also creates a link to my FTP server and I can access my FTP server through that link, but I did not find any log file there. Does it require any other manual transfer process? Or will it send the log after a periodic interval (though I do not find any option like this)?
07-03-2019 03:58 PM
Hi,
Let me try to chip in here :-)
##1
The hostname of the link will be the hostname of the M1 interface, and in order to access it using the hostname, you will need to make sure your DNS can resolve this hostname to the IP address of the M1 interface.
##2
The file size and time all depend on your accesslogs rollover method configuration. If you set rollover by file size to 10GB, and you also set rollover by time to 1 day, and your traffic during the day is not much, so the accesslogs file has still not reached 10GB when 1 day has passed, then it will roll over based on the 1 day and the file size will be less than 10GB (it will have whatever size that 1 day produced).
This works vice versa as well: if your traffic is huge and the file reaches 10GB in a few minutes, for example, then it will also roll over even though 1 day has not passed yet.
##3
The log file is CSV ready, just rename the file. However, if you have a file size of 10GB, I don't think Excel can open that sort of file size.
##4
When you send the log file to a remote server such as FTP, make sure the directory that you set to receive the log file has the correct privileges to put the files in.
Also, the rollover configuration will still apply for this.
You can also check the communications between the WSA and your FTP server from the "system_logs", or from the CLI type displayalerts, if the communications have issues.
Regards
Handy Putra
07-03-2019 11:51 PM
Dear Putra,
Thanks a lot.
Regards,
mehedi
07-02-2019 11:14 AM
You can set up FTP config to store logs, but in a production environment the logs go up to 10GB in size; it's hard to read via the GUI, takes ages to load, and the browser crashes sometimes. I always suggest using the CLI, or downloading locally and grepping, depending on the content you are looking for, by filtering.
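
An added example, not part of any post in this thread: one way to turn a downloaded access log into CSV line by line, with an optional grep-style filter, so a multi-gigabyte file is never loaded whole. It assumes a space-separated, Squid-style line layout; the thread shows no log line, so the column names and the sample lines are constructed assumptions.

```python
import csv
import io

# Assumed column names for a space-separated, Squid-style access log line.
# Adjust to the fields configured in your own log subscription.
FIELDS = ["timestamp", "elapsed_ms", "client_ip", "result_code", "bytes",
          "method", "url", "user", "hierarchy", "mime_type", "extra"]

def safe_cell(value):
    """Neutralise cells a spreadsheet would evaluate as a formula.
    URLs and usernames in a proxy log are client-controlled input."""
    if value != "-" and value[:1] in ("=", "+", "-", "@", "\t", "\r"):
        return "'" + value
    return value

def access_log_to_csv(src, dst, contains=None):
    """Stream log lines from src to dst as CSV, one line at a time.
    contains: optional fixed-string filter, like grep -F.
    Returns (rows_written, lines_skipped)."""
    writer = csv.writer(dst)
    writer.writerow(FIELDS)
    written = skipped = 0
    for line in src:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or header comment
        if contains is not None and contains not in line:
            continue
        # Split the leading columns; the remainder stays in "extra".
        parts = line.split(None, len(FIELDS) - 1)
        if len(parts) < len(FIELDS) - 1:
            skipped += 1  # truncated line, e.g. cut off at a rollover
            continue
        parts += [""] * (len(FIELDS) - len(parts))
        writer.writerow([safe_cell(p) for p in parts])
        written += 1
    return written, skipped

# Constructed sample lines, not taken from a real appliance.
SAMPLE = """\
# constructed header line
1562050021.123 45 10.0.0.5 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/example.com text/html ALLOW extra-a
1562050022.456 12 10.0.0.6 TCP_DENIED/403 0 GET http://blocked.example/ =SUM(A1) NONE/- - BLOCK extra-b
1562050023.789 3 10.0.0.7 TCP_MISS
"""

if __name__ == "__main__":
    out = io.StringIO()
    print(access_log_to_csv(io.StringIO(SAMPLE), out), out.getvalue(), sep="\n")
```

For a real file, pass open file objects instead of the `io.StringIO` buffers, opening the output with `newline=""` as the `csv` module requires.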
