Netskope Help

Upload Logs using SFTP

SFTP is an interactive way to upload log files, which helps you get familiarized with the overall process before automating it using SCP.

Upload Logs with Windows using SFTP
  1. Make sure your log files have the .log extension. If using an archive (zip), you can only have one log file per archive.

  2. You will need an SFTP client. If you are familiar with using private key files and/or have another PSFTP client, you can skip to step 5 below. To download a SFTP client, go to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and download the following files:

    • PSFTP: PuTTY SFTP client

    • PuTTY gen: PuTTY key generator

  3. Download the private key from the Netskope tenant UI under Settings > Risk Insights > Log > Upload.

  4. After you have the private key, you need to convert it to a format that PuTTy understands. To do this, launch the file puttygen.exe and click the Load button to select the private key file downloaded from the Netskope Administrator UI in step 3 above. Next click the Save Private Key button to convert the key file to a .ppk file that can be used for the PuTTY SFTP client. Remember the location for this key since we will need it in the next step.

  5. From a command prompt, change to the directory where the converted .ppk key file resides, and then enter this command using the username provided in the Admin UI on the Log > Upload page: psftp -i customerprivatekey.ppk nstransfer@<Management Plane appliance IP address>

  6. When connected, go to the upload directory (cd upload). Next, go to the directory for the device used for generating the log file in the first step.

    For example, if using Cisco IronPort, you would need to use the cisco-wsa directory (cd cisco-wsa).

    If using Blue Coat logs, you would need to use the proxysg-http-main directory (cd proxysg-http-main).

    If using a custom parser, use the directory named custom-<custom parser name>, where <custom parser name> is the name on the Custom Tab in the Upload Log File dialog box in the Netskope UI (Settings > Risk Insights > Log > Upload > Upload Logs). In this case, the directory name would be custom-test_1_parser.

  7. Upload the log file(s) using the mput command (mput /logs/cisco-ironport.log)

  8. After the logs are uploaded, it will take some time for the system to parse the logs and show events in SkopeIT. The larger the log files, the more time it will take.

Upload Logs with Mac or Linux using SFTP
  1. Make sure your log files have the .log extension. If using an archive (zip), you can only have one log file per archive.

  2. Download the private key from the Netskope Administrator interface.

  3. You may need to change permissions of the private key file to restrict access. Enter this command to change permissions of the downloaded private key file:chmod 600 customer_sshkey.key

  4. Launch a terminal window and establish an SFTP connection to the management plane appliance IP cd upload Address, specifying the directory where the downloaded private key resides. Next enter this command using the username provided in the Admin UI on the Log > Upload page: sftp -i /privatekey/customer_sshkey.key nstransfer@<Management Plane appliance IP address>

  5. When connected, go to the upload directory (). Next, go to the directory for the device used for generating the log file in the first step. For example, if using Cisco IronPort, you would need to use the cisco-wsa directory (cd cisco-wsa). If using Blue Coat logs, go to 'proxysg-http-main' (cd proxysg-http-main).

  6. Upload the log file(s) using the mput command (mput /logs/cisco-ironport.log)

  7. After the logs are uploaded, it will take some time for the system to parse the logs and show events in SkopeIT. The larger the log files, the more time it will take.