Software Secure Access
Activity Manage

Cisco Secure Access Help Manage Logging Log Formats and Versioning Log File Name Formats

Last updated: Aug 07, 2025

Log File Name Formats

Logs are uploaded in 10-minute intervals from the Secure Access log queue to the AWS S3 bucket. Within the first two hours after a completed configuration, you should receive your first log upload to your AWS S3 bucket.


 
To check if everything is working, the Last Sync time in Secure Access should update and logs should begin to appear in your AWS S3 bucket. The logs appear in a GZIP format with the following file name format. The files will also be sorted into date-stamped folders.

  • Admin Audit logs - auditlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • Cloud Firewall traffic - firewalllogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • DLP traffic - dlplogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • DNS traffic - dnslogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • File Events traffic - fileeventlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • IPS traffic - intrusionlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • Remote Access VPN traffic - ravpnlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • Web traffic - proxylogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • Zero Trust Network Access traffic - ztnalogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz
  • Zero Trust Access flow traffic - ztnaflowlogs/<year>-<month>-<day>/<year>-<month>-<day>-<hour>-<minute>.csv.gz