Monitor Status using the Tenant UI
Monitor Status using the Tenant UI
The logs are processed on the appliance and extracted cloud app events are uploaded to your tenant instance in the Netskope appliance the beginning of each hour. The logs you see in the tenant at the beginning of each hour are for the previous hour, and the latest logs are in the queue.
You can check the status of the log processing on the Settings > Risk Insights > Log > Upload page. This page shows the files uploaded, the number of events extracted from the file, and whether a log file is Started, Queued, or Completed. If no events were extracted, refer to the Knowledge Base article No Events are Extracted.
You can also monitor the status of the appliance, such as memory,disk space, process status, and so on, from the tenant UI. Go to Settings > Security Cloud Platform > On-Premises Infrastructure to see the status. Some of the items displayed under Infrastructure are:
- Content: Shows the Success icon when the latest content software package has been installed.
- SF Upgrade: Shows the Success icon when the latest Secure Forwarder software package has been installed.
- Serial Number: Shows the serial number of the appliance.
- Name: Shows the hostname configured on the appliance.
- Configuration: Shows the types of configurations installed on the appliance, like DNS, Secure Forwarder, Log Parser, and so on.
- Status: Shows the Disconnected icon when the appliance is not operating.
- Last Status Change: Shows the last time the appliance refreshed the Status information.
- Last Seen: Shows the last time the appliance connected to the backend server. The appliance sends a status update to Netskope backend server every 30 seconds.
- Version: Shows the version of software installed.
Click the toggle arrow to view the details. This view provides additional details of current outstanding events and all the processes running on the appliance, like disk space usage, memory used, etc.
- Installed Packages: Shows the Netskope packages installed on the appliance
- SF Upgrade: Shows the time and status of the last Secure Forwarder upgrade.
- AD Logs: Shows the AD parser status. When the appliance receives logs from AD Connector, this process is responsible for processing the AD logs files and create the IP to User mapping files.
- Log Parser: Shows the status of the log Risk Insights process. The log Risk Insights feature processes the log files and extracts the cloud app events of interest and uploads them to the Netskope tenant.
- System: Shows the disk usage, memory usage, CPU load average, and how long the system has been up.
- KMIP: Shows the KMIP status when the VA is configured as an On-Premises Key Manager for encryption. This is not applicable for the OPLP.
- Syslogng: Shows the status only when the appliance is configured as syslogng.
- Log Watcher: Shows the status of the log watcher process, which moves the log files from the
/nslogs/user/upload/<parser>folder to the
/opt/ns/logcollector/tenant/0/<parser>folder. Once moved it queues the file for processing.
- Secure Forwarder: Secure Forwarder status is displayed only when the VA is configured in Secure Forwarder mode. This is not applicable for the OPLP.
Create and View Alerts
If the Management Plane is deployed on-premises, then you must setup an SMTP server on the appliance to allow email alerts to be sent from the appliance.
To configure your internal SMTP server on the appliance:
- In the tenant UI, go to Settings > Manage > SMTP Configuration.
- Provide the host name and port of your internal SMTP server.
- Choose whether to use SSL and enable certificate validation.
- Provide a username and password. Click Test.
Setup alerts in the tenant UI.
- Go to the Settings > Security Cloud Platform > On-Premises Infrastructure page.
- Scroll down and click Configure Alerts under Infrastructure.
- On the Infrastructure Alerts screen, select or add the email recipients you want to alert when status changes.
To access and view alerts in the tenant UI, on the On-Premises Infrastructure page, click View Logs. The following information is displayed on the Infrastructure Logs page.
- Time: The date and time at which the alert was created.
- Device Serial Number: The serial number of the appliance on which the alert was created.
- Device Name: The name of the appliance on which the alert was created.
- Severity: The severity of the alert.
- Type: The type of alert.
- Description: The description of the alert.