Syslog Plugin for Log Shipper


This document explains how to configure the Netskope Cloud Exchange Log Shipper module and required plugins to forward Netskope Cloud Exchange platform logs to a Syslog Server. The Syslog plugin collects Cloud Exchange logs and sends them to a Syslog server.

Prerequisites

To complete this configuration, you need:

  • A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
  • A Netskope Cloud Exchange tenant with the Log Shipper module already configured.
  • A Syslog Server configured to accept logs from Netskope Cloud Exchange.

Cloud Exchange Version Compatibility

This plugin is compatible with all supported Netskope CE versions.

Syslog Plugin Support

This plugin is used to pull Cloud Exchange logs and share them with Syslog plugins.

Workflow

  1. Configure the Syslog plugin.
  2. Configure the Log Shipper SIEM Mappings for Syslog.
  3. Validate the Syslog plugin.

Configure the Syslog for CE Plugin

  1. Go to Settings > Plugins.
  2. Select the Syslog for CE box to open the plugin creation dialog.
  3. Enter a Configuration Name.
  4. Click Next and enter these Configuration Parameters:
    • Log Types: The type of logs to fetch and push to your Syslog server. The possible values are: Information, Warning, and Error.
    • Initial Range (in days): The number of days to pull the log data for the initial run.
  5. Click Save.

Configure the Syslog Plugin

  1. In Cloud Exchange, go to Settings > Plugins.
  2. Search for and select the Syslog box to open the plugin creation pages.
  3. Enter a Configuration Name and select a Mapping file from the dropdown list. Cloud Exchange uses a mapping file, like Syslog Default Mappings, to translate Netskope field names to third-party field names.
  4. Click Next and enter these Configuration Parameters:
    • Syslog Server
    • Syslog Format
    • Syslog Protocol
    • Syslog Port
    • Syslog Certificate
    • Log Source Identifier

      Note

      The Syslog Certificate is only required if TLS is used for the Syslog Protocol.


Configure Log Shipper SIEM Mappings

  1. Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.
  2. Select a Source Configuration (Syslog for CE plugin) and a Destination Configuration (Syslog plugin).
  3. Click Save.