Running the SIEM log file download script for Forcepoint storage
You can use the parameters described below to customize the sample download script used to download reporting logs from the cloud service for use by your SIEM tool.
Some parameters have a short form (for example, -v) and a long form (for example, --verbose). For these parameters, both options are listed.
Parameter | Description |
---|---|
|
Mandatory. Defines the logon user name for connecting to the cloud service. This must be an administrator contact with Log Export permissions. For example: -u siem_user@example.com |
|
Mandatory. This is the password for the specified user name. For example: -p Ft2016Logs |
--stream |
Mandatory. This is used to determine the type of files to be downloaded. Valid values are web, email, or all. If “all” is specified, /web and /email folders are created under the destination directory and files are downloaded to the corresponding folder. |
|
Optional. Runs the script in verbose mode, which displays progress messages. Verbose mode provides feedback on the script’s progress, for example:
|
|
Optional. Defines the host name to connect to. This is specified in the script by default, so you would only need this option if you have edited the script to remove it, or if you have been given a different URL to connect to. For example: -h https://sync-web.mailcontrol.com |
|
Optional. Defines the destination directory for the downloaded log files. If not specified, the files are downloaded into your current working directory. For example: -d /cloudweb/logs |
|
Optional. Checks the md5sum of each downloaded file. The MD5 hash is commonly used to verify the integrity of files and can be used to check the files before they are deleted from the server. |
|
Optional. Displays a list of available log files without downloading them. |
--proxy <proxy details> |
Optional. Specifies an HTTP proxy to use if you are having difficulty connecting to the cloud service. The proxy must be in the form http:// username:password@host:port For example: --proxy http:// jsmith:Abc123@proxy_server:80 |
--max_download_children |
Optional. Specifies the number of downloading processes to run in parallel. If not set, a single process is used. The maximum number of processes that can run in parallel is 10. If the list-only parameter returns a large number of files not yet downloaded, set this value to 10 to allow the downloads to process those files. |
--infinite_loop |
Optional. When configured, the download and reformat processes are run in an infinite loop. If not set, files that become available when the script is running are not downloaded. |
--man |
Optional. Displays the list of parameters with their descriptions. |
--help |
Optional. Displays a brief description of the program’s purpose. |
--cfgfile |
Optional. Specifies the location of a configuration file which can include values for the other parameters. |
A configuration file might look like this:
username=admin@company.com password=password1 host=sync- web.mailcontrol.com infinite_loop=false verbose=true
max_download_children=3 md5sum=false list_only=true stream=all destination=/tmp proxy=http:// user2@company.com:password2@myproxy.com:8081/ pidfile=/var/tmp/ftl.pid
See Getting started with SIEM integration for additional details on setting up SIEM integration and scheduling the download.