Skyhigh Security

Migrate Logging Client to Log Collector

NOTE: This section is intended only for the existing Logging Client users.

IMPORTANT:

  • To migrate from Logging Client to Log Collector, you must configure the Skyhigh Cloud Connector.
  • You must have the Skyhigh Cloud Connector user role to install and configure Cloud Connector. For details, see About User Roles and Access Levels.
  • You must access the Skyhigh CASB user interface from the same network on which your Cloud Connector is installed. Otherwise, you cannot enable the feature or configure settings.

Before migrating to the Log Collector, you must stop the existing Logging Client. Once you migrate to the Log Collector, you can start collecting the logs from the Log Collector. The logs collected during the migration period will not be lost.

IMPORTANT: Stop the existing Logging Client before enabling the Log Collector to avoid duplicate events. You can stop the service by clicking Stop Service on the existing Logging Client configuration page.

Perform the following migration steps to collect logs from the Log Collector:

► Step 1

Download and install Cloud Connector version 6.7.1 and above. Before installing the Cloud Connector, make sure all prerequisites have been met. For details, see Skyhigh Cloud Connector Prerequisites. To perform Step 2, the Logging Client and the Cloud Connector should be up and running.

► Step 2

Stop the existing Logging Client and collect the toTime timestamp. The Logging Client has pulled data up to the toTime timestamp. The toTime is recorded in the time_stamp table of configuration.db.

You can get the toTime timestamp in two different ways:

  • By running the commands in the online tools
  • By running the Python script from the Logging Client

Run the commands using the online tool

Use an online tool such as https://sqliteonline.com/. In the tool, open the configuration.db file (File > Open DB), and then run the SELECT fromTime, toTime FROM time_stamp command to get toTime.


NOTE: Convert toTime into yyyy.MM.dd.HH.mm.ss format. 

Run the Python script from the Logging Client

Run the following Python script on the existing Logging Client to get the toTime timestamp.

NOTE: Python 3.x should be installed to run the below script.

import sqlite3

# Path to the Logging Client database (raw string, so backslashes are not read as escapes)
dbfile = r"C:\<logging-client-tool-installed-path>\app-x.x.x\configuration.db"

# Create a SQL connection to the SQLite database
con = sqlite3.connect(dbfile)

# Query to execute
query = "select toTime from time_stamp"
cur = con.cursor()

# Execute the query and print each toTime value
results = cur.execute(query)
for x in results:
    # str() handles the value whether it is stored as text or as an integer
    print("toTime: " + str(x[0]))
con.close()

Output of the above script:

toTime: 1703142920

► Step 3

Configure Log Collector on the SIEM Integration (Inline) tab. For Log Collector configurations, see Log Collector Configuration. Once you complete the configuration, you must STOP the Cloud Connector.

► Step 4

Run the following CLI commands to update the toTime timestamp of the last successful request made by the Logging Client. This command allows the Cloud Connector to make consecutive requests from the updated toTime timestamp. After you run the commands, start the Cloud Connector to collect and process the logs.

NOTE: Run the CLI commands from the <EC-Installed-Directory> path, in the form ./shnlpcli <command>.

| Operating System | CLI Command |
| --- | --- |
| Linux | root@EC-VM12:/shn/wlc# ./shnlpcli updateLoggingClientLastSuccess --logType "SWG" --updateTime <toTime> |
| Windows | PS C:\shnlp> .\shnlpcli.exe updateLoggingClientLastSuccess --logType "SWG" --updateTime <toTime> |
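The following Python script is an added example, not part of Skyhigh's documentation or tooling: it reads toTime from configuration.db in read-only mode, converts it to the yyyy.MM.dd.HH.mm.ss format from Step 2, and prints the Step 4 command in its Linux form. It assumes that toTime is epoch seconds as in the sample output, that time_stamp holds a single row, that the converted value is what --updateTime takes, and that UTC is the intended time zone (the page does not state one); the function names are illustrative.

```python
import sqlite3
import sys
from datetime import datetime, timezone
from pathlib import Path

FORMAT = "%Y.%m.%d.%H.%M.%S"  # strftime form of yyyy.MM.dd.HH.mm.ss


def read_to_time(db_path):
    """Return toTime from time_stamp as int epoch seconds, without modifying the DB."""
    # mode=ro opens the file read-only, so the Logging Client state is untouched
    # and a mistyped path fails instead of silently creating an empty database.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute("SELECT toTime FROM time_stamp").fetchall()
    finally:
        con.close()
    if len(rows) != 1:  # assumption: a single checkpoint row
        raise ValueError(f"expected one time_stamp row, found {len(rows)}")
    return int(rows[0][0])  # the column may be stored as INTEGER or TEXT


def format_to_time(epoch_seconds, tz=timezone.utc):
    """Convert epoch seconds to yyyy.MM.dd.HH.mm.ss (UTC is an assumption)."""
    if not 0 < epoch_seconds < 10**10:
        # A 13-digit value would be milliseconds; refuse rather than guess.
        raise ValueError(f"not a plausible epoch-seconds value: {epoch_seconds}")
    return datetime.fromtimestamp(epoch_seconds, tz).strftime(FORMAT)


def update_command(formatted, log_type="SWG"):
    """Build the Step 4 command (Linux form) using the syntax shown on the page."""
    return ("./shnlpcli updateLoggingClientLastSuccess "
            f'--logType "{log_type}" --updateTime {formatted}')


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python to_time.py <path-to-configuration.db>")
    stamp = format_to_time(read_to_time(sys.argv[1]))
    print(update_command(stamp))
```

Review the printed command before running it, and adjust the time zone argument if your deployment expects a zone other than UTC.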