The section covers configuring a Log Export Server, a prerequite for using the Cloud Web Security Log Export.
Before you can configure the Cloud Web Security Log Export feature, you must first configure a Log Export Server. The Log Export Server is configured at a global level and can be used not only for Cloud Web Security but for any SASE service that includes a log export feature.
Add or Edit a Log Export Server
To view or create a Log Export server, go to Add Syslog Server.
. The page to configure is titledLog Export Configuration | |
---|---|
Name | Whatever name you want to assign to this endpoint. |
Log Format Type | You can select from three different log format types: LEEF, JSON, and CEF. For the purposes of configuring a Log Export Server for Cloud Web Security, you must select JSON as Cloud Web Security only sends fields names with the JSON format. |
Endpoint | The server endpoint must be either an IPv4 address or an FQDN with a port. |
TLS Certificate | Fill in (or paste) the Transport Layer Security (TLS) Certificate. |
TLS Key | Fill in (or paste) the Transport Layer Security (TLS) Key. |
TLS CA Certificate | This field is optional as some Syslog Server providers do not provide a TLS Certificate Authority (CA) Certificate. If your server does have one, fill in (or paste) it here. |
Test Connection | Clicking this button checks to see that VMware can connect to your server successfully. A successful connection with result in the Orchestrator UI showing a green banner that reads "Connection to endpoint Successful". Should the connection fail, you would see an error in a red banner that includes the wording "An error occurred while trying to connect to endpoint..." with specific details and error code. Using this information, please review your settings and correct the configuration as needed. |
When you have completed all required fields and confirmed a successful connection test, click Add Endpoint and your server is then added to your list of Syslog Servers.
Once the server is added you can then view it on the lower down on the Log Export Configuration page under Added Syslog Server. Once added to this section, you can both review and edit the endpoint configuration.
You can either click on the name of your server or check the left-hand box and then click EDIT to open the Edit Endpoint Details page:
Once satisfied that your server is properly configured and can connect to the VMware side, you can proceed to configuring the server to receive Cloud Web Security logs.