Cloud Exchange Logs v2.0.0 Plugin for Log Shipper

This document explains how to configure the Cloud Exchange Logs plugin with the Log Shipper module of the Netskope Cloud Exchange platform. The Cloud Exchange Logs plugin collects Cloud Exchange logs and sends them to the Syslog server.

Prerequisites

A Netskope Cloud Exchange tenant with the Log Shipper module already configured.

CE Version Compatibility

This plugin is compatible with CE version 5.1.0 and above.

Cloud Exchange Logs Plugin Support

This plugin is used to pull Netskope CE logs and share them with Syslog plugins.

CE Logs: Yes (Error, Warning, Info, Debug)

Workflow

  1. Configure Cloud Exchange Logs Plugin.
  2. Configure a Third Party Plugin.
  3. Configure SIEM Mapping with Cloud Exchange Logs Plugin as Source and Third Party Plugin as destination.

Configure the Cloud Exchange Logs Plugin

  1. In Cloud Exchange, go to Settings > General and enable the Log Shipper module.
  2. In Settings, go to Plugins.
  3. Search for and select the Cloud Exchange Logs plugin box.
  4. Enter a configuration name.
  5. Click Next and enter the values for the Configuration Parameters:
    • Log Types: Types of logs to fetch.
    • Initial Range (in days): Number of days to pull the log data for the initial run.

  6. Click Save.

Add a SIEM Mapping for Cloud Exchange Logs

To add a SIEM mapping, a third-party Log Shipper plugin, such as Syslog, must already be configured. You need both a source and a destination plugin configuration to create the SIEM mapping.

  1. In Log Shipper, go to SIEM Mappings and click Add SIEM Mapping.
  2. Select the Source plugin (Cloud Exchange Logs plugin) and Destination configuration (Syslog plugin).
  3. Save the SIEM Mapping.

After the SIEM mapping is added, data is pulled from the Netskope CE logs, transformed, and ingested into the Syslog platform.

Validate the Cloud Exchange Logs Plugin

Validate the Pull

To validate that logs are being pulled from Cloud Exchange, go to Logging and search for the pulled logs.

Validate the Push

To validate the plugin workflow in Netskope Cloud Exchange:

  1. Go to Logging and search for ingested events with the filter message contains ingested.
  2. The ingested logs will be filtered.