This section covers the configuration of Log Export for Cloud Web Security.
To configure the Log Export feature for Cloud Web Security logs, follow these steps:
1. Navigate to Cloud Web Security > Monitor > Log Export
On the Orchestrator, select Cloud Web Security which takes you to the Cloud Web Security > Monitor section by default. On the Monitor page, select Log Export on the left-side menu to view or edit this feature.
2. Configure Log Export
- On the Log Export page, you must first choose which type of logs to export:
- Web Logs derived from CASB, Web Security, and Web Application rules.
- DLP Logs derived from DLP rules.
For the log types you want exported toggle the On/Off slider in the upper right corner.
- Once you have chosen which log types to export, you must select a log server under Select Log Server. The drop down menu will includes all the log servers you configured under Global Settings > Log Export Configuration.
- In the Select Fields to Export section, click on the fields you want exported to your log server.
Note: Cloud Web Security only exports these fields in a JSON format and the selected Log Server must be configured to use the JSON format.
- Click Save Changes to complete the configuration.
Confirm a Successful Configuration
Once you have saved your configuration for Log Export, navagate to the Events page using the left-hand menu.
On Events, look for or filter for the events shown in the following screen: CWS Log Export Configuration enabled, and CWS Log Export Infrastructure Success. These events confirm the configuration for the log types and that Cloud Web Security has successfully connected to the log server and can export logs.
Notes Regarding Log Export
- After you complete the initial configuration, it will take from 2-5 minutes for Cloud Web Security to export the first logs.
- Later configuration changes like adding or removing log fields will also take from 2-5 minutes to take effect.
- Syslog entries are sent in batches, not individually.
- Logs are sent continuously, but not instantaneously. Expect up to a 2 minutes delay from the time a log is generated to Cloud Web Security Sending it to your server.