Skip to main content

Netskope Help

Configure NFS on the Log Parser Appliance

A log parsing appliance can be configured to read logs from an NFS share. NFS configuration on the log parsing appliance must be performed using the CLI. You need to make sure NFS server is up, or otherwise the CLI configuration will not be activated. After you have an NFS node up and running, you can specify its IP address and the absolute path to the NFS share.

The NFS share should allow write access, as the log parsing appliance will need to create directories for specific log types. Logs need to be placed in the directory appropriate for that log type. After a log file has been queued for parsing, the original log file is deleted. Please ensure that you retain backups of the original log files, in case they are needed.

  1. Note the IP address of the interface you configured. In this example the Inbound interface of the log appliance has the IP address of 1.1.1.2.

  2. Go to your NFS server and use the chmod command to set the permissions on the NFS server.

    chmod 777 <nfs-share path>
  3. Add the following entry in /etc/exports

    #format 
    #<nfs-share path><inbound interface IP configured on the log appliance>
    
    /home/nsadmin/nfs-share/logs 1.1.1.2(rw,sync,no_root_squash,no_subtree_check)
  4. Activate your new settings by entering this command: %> sudo exportfs -a

  5. Go back to log appliance CLI and enter these commands to configure NFS:

    set log-upload nfs-server enable true
    set log-upload nfs-server host <IP address or name of your NFS server>
    set log-upload nfs-server mount-options <Comma separated list of NFS mount options>
    set log-upload nfs-server remote-mountpoint <Absolute path of the NFS shared directory>
    set log-upload nfs-server subdirectory <Absolute path of the subdirectory within the NFS shared directory>
    save
  6. The configuration was successful if you see:

    NFS setup complete
    Restarting all services
    Restarting networking services
    Restarting resolvconf
    Restarting DNS proxy
    Restarting log
    Configuration saved
  7. You can always look at the configuration by entering the show command: show nfs-server.

  8. Enter the exit command to leave the nsshell configure mode.

  9. If more than one log parsing appliance will be used, steps 1-7 need to be repeated on each one. It's critical that each appliance be assigned its own NFS share because they were not designed to operate on the same NFS directory.

Troubleshooting your NFS CLI Configuration

If the configuration was unsuccessful for any reason, the following message might be displayed on the CLI prompt:

log01(config)# set nfs-server ip-address 1.1.1.1
log01(config)# set nfs-server remote-dir /home/nfs-share/logs
log01(config)# set nfs-server enable true
log01(config)# save
Restarting resolvconf
Restarting lclw
Configuration saved

NFS Server/Mount is not available...Please check NFS server configuration...
If NFS server config looks ok then try saving the config again...

If you see this:

  1. Make sure your NFS server is up and running with correct access permission set for the log box you are using. Here is the sample from /etc/exports on an NFS server that was used for testing. You may choose to use different settings based on your network requirements, as long as the share is writeable ('rw'). etc/exports from NFS server being used for testing:

    #format
    #<nfs-share path><inbound interface IP configured on the log box>
    /home/nsadmin/nfs-share/logs 1.1.1.2 (rw,sync,no_root_squash,no_subtree_check)
  2. Make sure you have configured the inbound interface on the log parsing appliance and you have specified the correct IP address for the NFS server, along with the absolute path of NFS share directory as specified in /etc/exports on your NFS server.

  3. On the NFS server's command prompt, run the following command after editing /etc/exports: > sudo exportfs -a

  4. Save the configuration in the nsshell for the log parsing appliance again. If everything is setup correctly, it should be working properly.