Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure WebGateway to Send or Push Access Logs to the Content Security Reporter

  1. Last updated
  2. Save as PDF

Introduction

This document contains the steps needed to set up a Skyhigh Web Gateway log source in Content Security Reporter that will accept log files that are being pushed from Web Gateway.

Configuring Skyhigh Web Gateway

To properly configure Skyhigh Web Gateway for reporting purposes, follow these steps.

  1.  Logon to the Web Gateway admin user interface and navigate to:

Policy > Settings > Engines > File System Logging > Access Log Configuration. Expand “Settings for Rotation, Pushing, and Deletion".

NOTE: DO NOT CONFIGURE log pushing from the Configuration > > Log File Manager section as this will result in unwanted logs getting sent to WebReporter.

  1. Under Auto Pushing select the "Enable auto pushing" check box and configure the URL to Content Security Reporter.
  2. In the "Destination" field enter the Content Security Reporter log processing URL. For example:

ftp://ContentSecurityReporterIP:9121
http://ContentSecurityReporterIP:9111/logloader/
https://ContentSecurityReporterIP:9112/logloader/

  1. Create a username and password unique to this function and enter them under the “Username" section.

NOTE: The username and password defined here will be needed later in the Content Security Reporter configuration.

If you have multiple Web Gateways pushing logs to one Content Security Reporter server, then use hostname instead of username.

  1. It is recommended to setup the Web Gateway to automatically push the logs immediately after rotation. For that keep the “Enable pushing log files directly after rotation” checked.

If you would like to use time-based push intervals instead, uncheck "Enable pushing logfiles directly after rotation" and set your “Push interval” hours and minutes.

Save Changes in the Web Gateway UI after configuring the Auto Pushing section.

clipboard_e21be588977116461d14096265a2d2c05.png
 

Configuring Content Security Reporter

To configure a Skyhigh Web Gateway log source in Content Security Reporter that will accept log files that are being pushed from Web Gateway:

  1. Log in to ePO and go the Report Server Settings menu.
  2. Click on Log Sources, then Actions, and select New.
  3. The Mode should be "Accept incoming log files" with the type set to "FTP / HTTP(S)". For the Log format, select "Skyhigh Secure Web Gateway (Webwasher) - Auto Discover".
  4. Enter a name for the log source that does not contain spaces.
  5. Enter a username and password in the Logon name and Password fields that will be used by Skyhigh Web Gateway to access this log source when pushing logs.

clipboard_e58b401435cb49052efb7c7cc8e23435b.png

  1. Click OK in the bottom-right corner to save the log source.

Validating Log Source Configuration

If everything was configured properly and a log file push was triggered on Web Gateway, there should be log file jobs displayed in Content Security Reporter.

Log file jobs can be found under Report Server Settings by expanding Log Sources and then selecting Job Queue.

Here is an example of successful log jobs as they are displayed in the user interface:

clipboard_e7513007f581d21ae92266354aa00d203.png

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.