home

Security Service Edge

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Security Service Edge

Step 1 -- Create Continuous Data Ingestion Agent

If you selected Log Ingestion

  1. Select Proxy Type - Select a proxy type from the prompt.
  2. Select Existing Format or Add New Format -- Choose either of the following options from the prompt for the proxy type you selected:
    • Select an existing format (Step 3), or
    • Create a new format (Step 4).
  3. To use an existing format, choose a format from the prompt, and go to Step 6.

  4. To create a new format, follow these steps:
  5. Scroll to the bottom of the list and choose Add a New Format.

    If you selected Palo Alto Networks as the proxy type, see Configuring Log Ingestion for Palo Alto Networks.

  6. In the Log File field, click Browse, and select log files to upload.
    These files serve as proxy logs from which Secure Cloud Access will draw data to analyze unsanctioned cloud applications. Choose one or more log files, making sure that the total size of the files you select is not greater than 1 GB.

  7. Select a log file format, either Index Type or Common Event Format (CEF).
    For Juniper and Meraki logs, you do not need to select a file format.

    If you choose Index Type, select a delimiter for your log files. The options are Space, Comma, or

    Regex (for entering a regular expression).

  8. For Log Time Format, select the option button for the time format in your logs: either Epoch time (default) or Other.

    If you select Other:

    • In the left-hand text box, enter a time format from your logs, for example:
    • 13/01/2021 11:36:24 is mapped to the date and time format dd/mm/yyyy hh:mm:ss.
    • Click the check mark icon.
    • If a mapping cannot be found, respond to the message by entering a time format manually and click the check mark icon again.
    • Select a time zone or accept the default time zone shown.
  9. Click Save and Next.

    The Format Mapping page appears.

    Format mapping enables you to match the header information used in the log files with the header information found from the uploaded files.

    • Left column -- The clear boxes show field values from the uploaded logs that are available for mapping. The boxes in gray are values that have been mapped.

    • Right column -- The boxes bordered in green show headers that the system interprets to be mapped with the correct values. The boxes bordered in gray show headers that have not been mapped with

      the appropriate values. A red stripe along the left side of a box indicates that a value is required for that header.

  10. Examine the values in the right column.
    • If any values are mapped to the wrong headers, click Clear, and drag the correct value from the left column.

    • For any other headers that need mapping, drag the matching value from the left column.

  11. In the Name the Format field (below the mapping form), enter a name for this format.
    Click Save and Next.
  12. Select the source type for this format:
    • Spooling Directory
    • Syslog TCP
    • Syslog UDP

Last updated: September 30, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.