Syslog Plugin for Log Shipper

Syslog Plugin for Log Shipper

This document explains how to configure the Netskope Cloud Exchange Log Shipper module and required plugins to forward Netskope Cloud Exchange platform logs to a Syslog Server.


To complete this configuration, you need:

  • A Netskope Tenant (or multiple, for example, production and development/test instances)
  • A Netskope Cloud Exchange tenant with the Log Shipper module already configured.
  • A Syslog Server configured to accept logs from Netskope Cloud Exchange.


  1. Configure the Syslog plugin.
  2. Configure the Log Shipper SIEM Mappings for Syslog.
  3. Validate the Syslog plugin.

Configure the Syslog for CE Plugin

  1. Go to Settings > Plugins.
  2. Select the Syslog for CE box to open the plugin creation dialog.
  3. Enter a Configuration Name.
  4. Click Next and enter these Configuration Parameters:
    • Log Types: The type of logs to fetch and push to your Syslog server. The possible values are: Information, Warning, and Error.
    • Initial Range (in days): The number of days to pull the log data for the initial run.
  5. Click Save.

Configure the Syslog Plugin

  1. In Cloud Exchange, go to Settings > Plugins.
  2. Search for and select the Syslog box to open the plugin creation pages.
  3. Enter a Configuration Name and select a Mapping file from the dropdown list. Cloud Exchange uses a mapping file to translate Netskope field names to third party field names, like Syslog Default Mappings.
  4. Click Next and enter these Configuration Parameters:
    • Syslog Server
    • Syslog Format
    • Syslog Protocol
    • Syslog Port
    • Syslog Certificate
    • Log Source Identifier


      The Syslog Certificate is only required if TLS is used for the Syslog Protocol.


Configure Log Shipper SIEM Mappings

  1. Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.
  2. Select a Source Configuration (Syslog for CE plugin) and a Destination Configuration (Syslog plugin).
  3. Click Save.
Share this Doc

Syslog Plugin for Log Shipper

Or copy link

In this topic ...