Exporting Log Files

This article explains how to use the Cato Management Application to export logs for your account from the cloud log storage (AWS S3 bucket).

Overview of the Log Exporter

Note: The Log Exporter feature will be deprecated in March 2024. For more information, see the relevant Release Note.

You can export zipped files of event logs to integrate with a SIEM system, to store in a remote location (for example, for regulatory or archival purposes), or both. The log files are exported to secure storage in an AWS S3 bucket, and each account is securely separated from other accounts. Cato stores the logs in the S3 bucket for 7 days. The Cato Management Application lets you download a script that, when you run it, downloads the zipped log files from AWS to a local file.

To show the Log Exporter screen:

  • From the navigation menu, click Administration > Log Exporter. The Log Exporter screen opens.

Configuring the Log Exporter Settings

You can choose to export the logs in CEF or JSON format, and select which types of events you are exporting.

To configure the settings for the exported logs:

  1. From the navigation menu, click Administration > Log Exporter. The Log Exporter screen opens.

  2. From Format, select the file format for the exported logs. The options are CEF and JSON.

  3. Select the types of events to export in the Types to log section. Types include:

    • Audit Trail - Admin changes made in the Cato Management Application

    • Health - Logs related to connectivity for LAN monitoring, sites, and VPN Clients in the account

    • Security - Logs generated by Threat Protection and firewall engines

    • System - Logs related to LDAP, User Awareness, license, and user accounts

  4. Click Save. The Log Exporter settings are configured.

Downloading Logs with the Client Script

The Cato Management Application provides a Bash script file that connects to the Amazon S3 bucket for your account and downloads the log files to your local host.

We recommend that you run the script automatically at scheduled intervals. You can also run the script manually as required.

Note: Modifying the client script is not supported.

To download the client script from the Cato Management Application:

  1. From the navigation menu, click Administration > Log Exporter. The Log Exporter screen opens.

  2. Click Download Client Script.

Changing the Access Token

The client script includes a unique access token for your account. For increased security, you can regularly change the access token used by the client script. Changing the access token also creates a new secure location where Cato Networks stores the log files.

After you change the access token, click Download Client Script to download the client script with the new access token. Wait about 15 minutes for the new access token to update in the cloud before you run the new client script. You can still access the previous logs with the script that includes the previous access token.

To change the access token:

  1. From the navigation menu, click Administration > Log Exporter. The Log Exporter screen opens.

  2. Click Change Access Token.

  3. In the confirmation window, click Apply.
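
Because the client script embeds the account's access token, should run on a schedule, and must not be modified, one way to operate it is through a separate wrapper. The following is an added example, not part of the Cato script or this article's original content. The wrapper, its state directory, the CLIENT_SHELL variable, and the assumption that the client script exits 0 on success are all hypothetical.

```shell
#!/bin/sh
# Added example: wrapper for scheduled runs of the downloaded client script.
# It never edits the client script; it only checks and invokes it.

RETENTION_SECS=$((7 * 24 * 3600))  # the article states a 7-day retention

# True only if the file exists and grants nothing to group/others,
# since the client script embeds the account's access token.
token_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# True if more than the retention window separates two epoch timestamps.
retention_gap() {  # usage: retention_gap LAST_SUCCESS NOW
    [ $(( $2 - $1 )) -gt "$RETENTION_SECS" ]
}

# usage: run_export CLIENT_SCRIPT STATE_DIR
# Returns 0 on success, 2 for unsafe permissions, 3 for an overlapping run,
# otherwise the client script's own exit status (assumed 0 on success).
run_export() {
    script=$1 state=$2
    if ! token_file_is_private "$script"; then
        echo "refusing to run: $script missing or readable by group/others" >&2
        return 2
    fi
    mkdir -p "$state" || return 1
    # mkdir is atomic, so the directory doubles as a lock.
    # A killed run leaves it behind; remove it by hand after checking.
    if ! mkdir "$state/lock" 2>/dev/null; then
        echo "previous run still active (or stale lock at $state/lock)" >&2
        return 3
    fi
    now=$(date +%s)
    if [ -f "$state/last_success" ] &&
       retention_gap "$(cat "$state/last_success")" "$now"; then
        echo "warning: last good run is over 7 days old; older logs may be gone" >&2
    fi
    rc=0
    "${CLIENT_SHELL:-bash}" "$script" || rc=$?
    [ "$rc" -ne 0 ] || echo "$now" > "$state/last_success"
    rmdir "$state/lock"
    return "$rc"
}

# Stand-alone use, e.g. from cron: wrapper.sh /path/to/client-script /path/to/state
[ "$#" -lt 2 ] || run_export "$1" "$2"
```

Schedule the wrapper at an interval well inside the 7-day retention window, and replace the client script file after each access token change.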

3 comments

  • Alicia Wingren

    Hello!

    Is there any roadmap to have standard syslog compatibility?  This would be an invaluable feature.

    Thanks,
    Alicia Wingren

  • Joey Fancher

    Piggybacking on Alicia's comment above, having the ability to set up exporting to a syslog server would be valuable.

  • Yaakov Simon

    Alicia Wingren and Joey Fancher Thanks for your comments - currently Cato doesn't have plans to support syslog. In addition, we will be deprecating Log Exporter in March 2024. Exporting events will be supported in the JSON format.

    Thanks!
