Upload Logs using SFTP
SFTP is an interactive way to upload log files, which helps you get familiarized with the overall process before automating it using SCP.
Upload Logs with Windows using SFTP
1. Make sure your log files have the .log extension. If using an archive (zip), you can only have one log file per archive.
2. You will need an SFTP client. If you are familiar with using private key files and/or have another PSFTP client, you can skip to step 5 below. To download an SFTP client, go to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and download the following files:
   - PSFTP: PuTTY SFTP client
   - PuTTYgen: PuTTY key generator
3. Download the private key from the Netskope tenant UI under Settings > Risk Insights > Log > Upload.
4. After you have the private key, you need to convert it to a format that PuTTY understands. To do this, launch the file puttygen.exe and click the Load button to select the private key file downloaded from the Netskope Administrator UI in step 3 above. Next, click the Save Private Key button to convert the key file to a .ppk file that can be used for the PuTTY SFTP client. Remember the location for this key since we will need it in the next step.
5. From a command prompt, change to the directory where the converted .ppk key file resides, and then enter this command using the username provided in the Admin UI on the Log > Upload page:
   psftp -i customerprivatekey.ppk nstransfer@<appliance IP address>
6. When connected, go to the upload directory (cd upload). Next, go to the directory for the device used for generating the log file in the first step.
   - For example, if using Cisco IronPort, you would need to use the cisco-wsa directory (cd cisco-wsa).
   - If using Blue Coat logs, you would need to use the proxysg-http-main directory (cd proxysg-http-main).
   - If using a custom parser, use the directory named custom-<custom parser name>, where <custom parser name> is the name on the Custom Tab in the Upload Log File dialog box in the Netskope UI (Settings > Risk Insights > Log > Upload > Upload Logs). In this case, the directory name would be custom-test_1_parser.
7. Upload the log file(s) using the mput command (mput /logs/cisco-ironport.log).
8. After the logs are uploaded, it will take some time for the system to parse the logs and show events in Skope IT. The larger the log files, the more time it will take.
Upload Logs with Mac or Linux using SFTP
1. Make sure your log files have the .log extension. If using an archive (zip), you can only have one log file per archive.
2. Download the private key from the Netskope Administrator interface.
3. You may need to change permissions of the private key file to restrict access. Enter this command to change permissions of the downloaded private key file:
   chmod 600 customer_sshkey.key
4. Launch a terminal window and establish an SFTP connection to the appliance IP address, specifying the directory where the downloaded private key resides. Next, enter this command using the username provided in the Admin UI on the Log > Upload page:
   sftp -i /privatekey/customer_sshkey.key nstransfer@<appliance IP address>
5. When connected, go to the upload directory (cd upload). Next, go to the directory for the device used for generating the log file in the first step. For example, if using Cisco IronPort, you would need to use the cisco-wsa directory (cd cisco-wsa). If using Blue Coat logs, go to proxysg-http-main (cd proxysg-http-main).
6. Upload the log file(s) using the mput command (mput /logs/cisco-ironport.log).
7. After the logs are uploaded, it will take some time for the system to parse the logs and show events in Skope IT. The larger the log files, the more time it will take.
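
The Mac/Linux steps above can be checked before any connection is made. The script below is an added example, not Netskope code: it verifies that the private key is readable only by its owner, that each file has the .log extension, and then prints the same cd and upload commands as an sftp batch file. The function names, the batch layout, the script name precheck.sh and the use of put with sftp -b are assumptions, and only plain .log files are handled, not zip archives.

```shell
#!/bin/sh
# Added example: pre-flight checks plus an sftp batch file for the steps above.
# Function names and the batch layout are assumptions, not Netskope tooling.

# key_is_private KEYFILE: true only if group and others have no access (chmod 600).
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ]
}

# make_batch PARSER_DIR FILE...: print sftp batch commands, or fail before
# printing anything if the directory name or any file breaks the rules above.
make_batch() {
    [ "$#" -ge 2 ] || { echo "need a parser directory and a log file" >&2; return 1; }
    parser_dir=$1
    shift
    case $parser_dir in
        ''|*/*|*..*) echo "bad parser directory: $parser_dir" >&2; return 1 ;;
    esac
    for f in "$@"; do
        case $f in
            *'"'*) echo "refusing $f: quote in file name" >&2; return 1 ;;
            *.log) ;;
            *) echo "refusing $f: needs the .log extension" >&2; return 1 ;;
        esac
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    printf 'cd upload\ncd %s\n' "$parser_dir"
    for f in "$@"; do
        printf 'put "%s"\n' "$f"
    done
    printf 'bye\n'
}

# Usage: sh precheck.sh KEYFILE PARSER_DIR FILE... > batch.txt
# then:  sftp -i KEYFILE -b batch.txt nstransfer@<appliance IP address>
# In batch mode sftp stops at the first failing cd or put.
if [ "$#" -ge 3 ]; then
    key=$1
    shift
    key_is_private "$key" || { echo "run: chmod 600 $key" >&2; exit 1; }
    make_batch "$@"
fi
```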