Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Full Traffic Logging : Downloading log files
Downloading log files
Forcepoint Web Security Cloud | Configuring Full Traffic Logging
To download log data when it is available, run the script that you have set up. If you are using the provided sample script, the available parameters to use with the script are described below.
Some parameters have a short form (for example, -v) and a long form (for example, --verbose). For these parameters, both options are listed.
Parameter
Description
-u <username>
--username
Mandatory. Defines the logon user name for connecting to the cloud service. This must be an administrator contact with Log Export permissions.
For example:
-u FTL_user@example.com
-p <password>
--password
Mandatory. This is the password for the specified user name.
For example:
-p Ft2016Logs
-v
--verbose
Optional. Runs the script in verbose mode, which displays progress messages.
Verbose mode provides feedback on the script's progress, for example:
*
Downloading filelist from <host name> as <user name>
*
No files available to download
*
Downloading <file> to <file name location>
-h <hostname>
--host
Optional. Defines the host name to connect to. This is specified in the script by default, so you would only need this option if you have edited the script to remove it, or if you have been given a different URL to connect to.
For example:
-h https://sync-web.mailcontrol.com
-d <file path>
--destination
Optional. Defines the destination directory for the downloaded log files. If not specified, the files are downloaded into your current working directory.
For example:
-d /cloudweb/logs
-m
--md5sum
Optional. Checks the md5sum of each downloaded file. The MD5 hash is commonly used to verify the integrity of files (i.e. to verify that a file has not changed as a result of file transfer or disk error), and can therefore be used to check the files before they are deleted from the server.
-l
--list-only
Optional. Displays a list of available log files without downloading them.
--proxy <proxy details>
Optional. Specifies an HTTP proxy to use if you are having difficulty connecting to the cloud service. The proxy must be in the form http://username:password@host:port
For example:
--proxy http://jsmith:Abc123@proxy_server:80
--format= <format>
Optional. Creates a new data file containing the original downloaded data rewritten in the desired format. The new file's name has the relevant data format as a suffix. Note that when this parameter is used, by default the original *.gz file from the source server is not saved to the destination directory.
Valid data formats are:
csv: Comma Separated Values
cef: ArcSight Common Event Format
wc3: WC3 Extended Log file Format (http://www.w3.org/TR/WD-logfile.html)
For example:
--format=csv
--keepgz
Optional. Use in conjunction with the format parameter to download and keep a copy of the *.gz data file in the destination directory. This overrides the default behavior of the format parameter.
For example:
--format=csv --keepgz
--delete
Optional. Deletes the original data file from the source server following download. The default option is to delete the file from the server.
--nodelete
Optional.Keeps the original data file on the source server after download. This parameter is provided for testing purposes while configuring the format parameter described above, enabling you to download a file in different formats. Note that files are still only retained for 14 days, and you will still receive a warning after 7 days if a downloaded data file remains on the server.
--max_batch_size
Optional. Specifies the maximum number of files to download. When set, each time the script is run, the configured number of files are downloaded, starting with the newest files.
--man
Optional. Displays the list of parameters with their descriptions.
--help
Optional. Displays a brief description of the program's purpose.
Due to the volume of data, we recommend importing the information into a database to analyze the downloaded log files. For more information about the downloaded data, see File format definition for full traffic logging.
Scheduling log file download
Once you have run an initial download and determined the parameters you want to use in your script, set up a scheduled service to run automatic downloads.
We recommend that you download the log files at least once a day. To avoid periods of high network traffic, select a random time for the download (for example, somewhere between 10 and 50 minutes past the hour).
Scheduling on Windows
Before scheduling downloads from the cloud service, make sure that the Windows Task Scheduler service is started. To check this:
1.
Open the Windows Services tool (Start > Control Panel > Administrative Tools > Services or Server Manager > Tools > Services).
2.
Scroll down to Task Scheduler.
*
If the status is Started, you need do nothing.
*
Otherwise, click Start or Resume to start the service.
To schedule the log file download:
1.
Open the Windows Scheduled Tasks tool (Start > Control Panel > Scheduled Tasks or Server Manager > Tools > Scheduled Tasks).
2.
Double-click Add Scheduled Task.
3.
Work through the Scheduled Task Wizard as follows:
a.
Browse to the location where you have stored your script.
b.
Select how often to perform the task (daily is advisable).
c.
Select a time to start the task, and the start date.
d.
Enter your network user name and password (not the user name and password you set up in the Cloud TRITON Manager).
e.
Mark the Open advanced properties for this task checkbox, then click Finish.
4.
On the Task tab, add the -u, -p, and -d parameters to the end of the Run field, before the closing quotes, as well as any other parameters you want to use.
The Run field might look similar to this:
"\\server\users\jsmith\hosted_logs\full_traffic_log_download.pl -u FTL_user@example.com -p Ft2010Logs -d /hostedweb/logs"
5.
Click OK.
Scheduling on Linux
Create a cron job to schedule your script to run at the times you want. For more information in Linux, see man cron and man crontab.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Full Traffic Logging : Downloading log files
Copyright 2022 Forcepoint All rights reserved.