Source types for the Splunk Add-on for Cisco WSA
This add-on provides the index-time and search-time knowledge for the following types of data from Cisco WSA.

| Data source | Description | Source type | CIM data models |
| --- | --- | --- | --- |
| Squid access logs for versions 11.7, 11.8, and 12.5 of Cisco WSA | The access logs for Cisco Web Security Appliance versions 11.7, 11.8, and 12.5 record Web Proxy client history in Squid format. The logs are stored in the format `<filename>.s` on the server. For example, `aclog.@20130316T120308.s`. | `cisco:wsa:squid:new` | Web |
| W3C access logs | The access logs for Cisco Web Security Appliance record Web Proxy client history in W3C format. The logs are stored as `<filename>.s` on the server. For example, `w3c_log.@20130316T120308.s`. | `cisco:wsa:w3c:recommended` | Web |
| L4TM logs | The Layer-4 Traffic Monitor logs for Cisco WSA record all Layer-4 Traffic Monitor activity. The logs are stored as `<filename>.s` on the server. For example, `tmon_misc.@20130507T012232.s`. | `cisco:wsa:l4tm` | Network Traffic |
| Syslog logs | Logs for GUI, CLI and audit. The logs are stored as `<filename>.s` on the server. For example, `gui_logs.@20130507T012232.s`. | `cisco:wsa:syslog` | Change, Web, Change Account |