If you selected Log Ingestion
- Select Proxy Type - Select a proxy type from the prompt.
- Select Existing Format or Add New Format -- Choose either of the following options from the prompt for the proxy type you selected:
- Select an existing format (Step 3), or
- Create a new format (Step 4).
- To use an existing format, choose a format from the prompt, and go to Step 6.
- To create a new format, follow these steps:
- Scroll to the bottom of the list and choose Add a New Format.
If you selected Palo Alto Networks as the proxy type, see Configuring Log Ingestion for Palo Alto Networks.
- In the Log File field, click Browse, and select log files to upload.These files serve as proxy logs from which Secure Cloud Access will draw data to analyze unsanctioned cloud applications. Choose one or more log files, making sure that the total size of the files you select is not greater than 1 GB.
- Select a log file format, either Index Type or Common Event Format (CEF).For Juniper and Meraki logs, you do not need to select a file format.
If you choose Index Type, select a delimiter for your log files. The options are Space, Comma, or
Regex (for entering a regular expression).
- For Log Time Format, select the option button for the time format in your logs: either Epoch time (default) or Other.
If you select Other:
- In the left-hand text box, enter a time format from your logs, for example:
- 13/01/2021 11:36:24 is mapped to the date and time format dd/mm/yyyy hh:mm:ss.
- Click the check mark icon.
- If a mapping cannot be found, respond to the message by entering a time format manually and click the check mark icon again.
- Select a time zone or accept the default time zone shown.
- Click Save and Next.
The Format Mapping page appears.
Format mapping enables you to match the header information used in the log files with the header information found from the uploaded files.
- Left column -- The clear boxes show field values from the uploaded logs that are available for mapping. The boxes in gray are values that have been mapped.
-
Right column -- The boxes bordered in green show headers that the system interprets to be mapped with the correct values. The boxes bordered in gray show headers that have not been mapped with
the appropriate values. A red stripe along the left side of a box indicates that a value is required for that header.
- Examine the values in the right column.
- If any values are mapped to the wrong headers, click Clear, and drag the correct value from the left column.
-
For any other headers that need mapping, drag the matching value from the left column.
- In the Name the Format field (below the mapping form), enter a name for this format.Click Save and Next.
- Select the source type for this format:
- Spooling Directory
- Syslog TCP
- Syslog UDP