Stone Emissary
mothiprasad
Posts: 22
Registered: ‎06-14-2011
Accepted Solution

Where to find access logs in IWSVA

Dear all, where do I check the URL access log? I can't find the URL access log file on the server, but I can access it through the web GUI.
Stone Noble
alexey_dudnikov
Posts: 40
Registered: ‎11-11-2010

Re: Where to find access logs in IWSVA

By default, the access log in IWSVA is stored in the database only.

To access it as a file, you should choose "write logs to database and log files" in Logs > Settings > Reporting Logs.

After that, in /var/iwss/log/ you can find the access log file in the following format: access.log.yyyy.mm.dd

Default rotation: 100MB

But keep in mind that storing access logs in files is very greedy for HDD.

Stone Emissary
mothiprasad
Posts: 22
Registered: ‎06-14-2011

Re: Where to find access logs in IWSVA

Hi, thanks for the reply. The setting you mentioned is there, but I could not see any such access logs (access.log.yyyy.mm.dd) like the above in the path /var/iwss/log. I am only getting the HTTP logs.
Stone Noble
alexey_dudnikov
Posts: 40
Registered: ‎11-11-2010

Re: Where to find access logs in IWSVA

By default, access logging is disabled. In order to obtain reports for user access, you must enable access logging by selecting Log HTTP/HTTPS/FTP access events in the Logs > Log Settings > Reporting Logs screen.

After that, select "store access logs at database and files".

Stone Emissary
mothiprasad
Posts: 22
Registered: ‎06-14-2011

Re: Where to find access logs in IWSVA

Even that setting is enabled, but I didn't get the logs.
Stone Noble
alexey_dudnikov
Posts: 40
Registered: ‎11-11-2010

Re: Where to find access logs in IWSVA

Are you sure that it goes through IWSVA?

Try to test an EICAR download or another blocking operation. Did it work? Can you see that blocking in the logs?

Stone Emissary
mothiprasad
Posts: 22
Registered: ‎06-14-2011

Re: Where to find access logs in IWSVA

Yes, the users are going through the proxy only, and it is blocking the users according to the policies that we applied, but I am getting the access logs in the GUI and there is no log for blocking. But I could not see the access logs in the var/iwss/log path.
Stone Noble
alexey_dudnikov
Posts: 40
Registered: ‎11-11-2010

Re: Where to find access logs in IWSVA

In the following configuration everything works fine (see screenshot).

At the console I got:

[root@iwsva55 ~]# ls -la /var/iwss/log/access.log.2011.08.18.0001

-rw-r--r-- 1 iscan iscan 50183 Aug 18 09:26 /var/iwss/log/access.log.2011.08.18.0001

 

[root@iwsva55 ~]# cat /var/iwss/log/access.log.2011.08.18.0001 |more
Date:   8/18/11 9:19:08 AM
Method: https
Server: iwsva55.local
User:   192.168.128.1
ClientIP:       192.168.128.1
ServerIP:       92.122.89.83
Domain: wfbssvc3.icrc.trendmicro.com
Content-Type:   none
Content-Length: 2672
Path:   /
Operation:      CONNECT
Category:       90
CategoryType:   0
----------------------------------
Date:   8/18/11 9:19:10 AM
Method: http
Server: iwsva55.local
User:   192.168.128.1
ClientIP:       192.168.128.1
ServerIP:       150.70.74.67
Domain: reclassify.wrs.trendmicro.com
Content-Type:   text/html
Content-Length: 155
Path:   /
Operation:      GET
Category:       90
CategoryType:   0
----------------------------------
Date:   8/18/11 9:19:10 AM
Method: http

 

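A parser for the record layout shown in the console output above, as an added example that is not part of the original posts or of IWSVA itself. The function names and the required-field set are assumptions, and the sample is constructed from the post's output with fields trimmed; it drops a cut-off trailing record and totals Content-Length per client and domain.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout shown above (fields trimmed for brevity);
# the last record is cut off, like the `more` output in the post.
SAMPLE = """\
Date:   8/18/11 9:19:08 AM
Method: https
ClientIP:       192.168.128.1
Domain: wfbssvc3.icrc.trendmicro.com
Content-Length: 2672
Operation:      CONNECT
----------------------------------
Date:   8/18/11 9:19:10 AM
Method: http
ClientIP:       192.168.128.1
Domain: reclassify.wrs.trendmicro.com
Content-Length: 155
Operation:      GET
----------------------------------
Date:   8/18/11 9:19:10 AM
Method: http
"""

SEPARATOR = re.compile(r"^-{5,}\s*$")
REQUIRED = {"Date", "ClientIP", "Domain", "Operation"}  # assumed minimum for a usable record

def parse_records(text):
    """Return complete records as dicts; partial records are dropped."""
    records, current = [], {}
    for line in text.splitlines() + ["-----"]:  # sentinel flushes the last record
        if SEPARATOR.match(line):
            if REQUIRED <= current.keys():
                # Assumes month/day/two-digit year and a 12-hour clock, as in the post.
                current["Date"] = datetime.strptime(current["Date"], "%m/%d/%y %I:%M:%S %p")
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            current[key.strip()] = value.strip()
    return records

def bytes_by_client_and_domain(records):
    totals = Counter()
    for r in records:
        size = r.get("Content-Length", "")
        totals[(r["ClientIP"], r["Domain"])] += int(size) if size.isdigit() else 0
    return totals
```

To run it against a real file, pass the contents of one access.log.yyyy.mm.dd file to parse_records().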
Stone Emissary
mothiprasad
Posts: 22
Registered: ‎06-14-2011

Re: Where to find access logs in IWSVA

But I still can't find the access logs, don't know why ;(
Stone Noble
alexey_dudnikov
Posts: 40
Registered: ‎11-11-2010

Re: Where to find access logs in IWSVA

Can you send the output of the following command:

ls /var/iwss/log/

 

and

 

cat /etc/iscan/intscan.ini|grep logtype
