Skip to main content

Netskope Help

Upload Logs from Windows using SFTP

  1. Make sure your log files have the .log extension. If using an archive (zip), you can only have one log file per archive.

  2. You will need an SFTP client. If you are familiar with using private key files and/or have another PSFTP client, you can skip to step 5 below. To download a SFTP client, go to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and download the following files:

    • PSFTP: PuTTY SFTP client

    • PuTTY gen: PuTTY key generator

  3. Download the private key from the Netskope tenant UI under Settings > Risk Insights > Log > Upload.

  4. After you have the private key, you need to convert it to a format that PuTTy understands. To do this, launch the file puttygen.exe and click the Load button to select the private key file downloaded from the Netskope Administrator UI in step 3 above. Next click the Save Private Key button to convert the key file to a .ppk file that can be used for the PuTTY SFTP client. Remember the location for this key since we will need it in the next step.

  5. From a command prompt, change to the directory where the converted .ppk key file resides, and then enter this command using the username provided in the Admin UI on the Log > Upload page: psftp -i customerprivatekey.ppk nstransfer@<appliance IP address>

  6. When connected, go to the upload directory (cd upload). Next, go to the directory for the device used for generating the log file in the first step.

    For example, if using Cisco IronPort, you would need to use the cisco-wsa directory (cd cisco-wsa).

    If using Blue Coat logs, you would need to use the proxysg-http-main directory (cd proxysg-http-main).

    If using a custom parser, use the directory named custom-<custom parser name>, where <custom parser name> is the name on the Custom Tab in the Upload Log File dialog box in the Netskope UI (Settings > Risk Insights > Log > Upload > Upload Logs). In this case, the directory name would be custom-test_1_parser.

  7. Upload the log file(s) using the mput command (mput /logs/cisco-ironport.log)

  8. After the logs are uploaded, it will take some time for the system to parse the logs and show events in Skope IT. The larger the log files, the more time it will take.

In this section: