Syslog Plugin for Log Shipper
This document explains how to configure the Netskope Cloud Exchange Log Shipper module and required plugins to forward Netskope Cloud Exchange platform logs to a Syslog Server.
To complete this configuration, you need:
A Netskope Tenant (or multiple, for example, production and development/test instances)
A Netskope Cloud Exchange tenant with the Log Shipper module already configured.
A Syslog Server configured to accept logs from Netskope Cloud Exchange.
Configure the Syslog plugin.
Configure the Log Shipper SIEM Mappings for Syslog.
Validate the Syslog plugin.
Go to Settings > Plugins.
Select the Syslog for CE box to open the plugin creation dialog.
Enter a Configuration Name.
Click Next and enter these Configuration Parameters:
Log Types: The type of logs to fetch and push to your Syslog server. The possible values are: Information, Warning, and Error.
Initial Range (in days): The number of days to pull the log data for the initial run.
Click Save.
In Cloud Exchange, go to Settings > Plugins.
Search for and select the Syslog box to open the plugin creation pages.
Enter a Configuration Name and select a Mapping file from the dropdown list, such as Syslog Default Mappings. Cloud Exchange uses the mapping file to translate Netskope field names to third-party field names.
Click Next and enter these Configuration Parameters:
Syslog Server
Syslog Format
Syslog Protocol
Syslog Port
Syslog Certificate
Log Source Identifier
Note: The Syslog Certificate is only required if TLS is used for the Syslog Protocol.
Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.
Select a Source Configuration (Syslog for CE plugin) and a Destination Configuration (Syslog plugin).
Click Save.