topic Re: Log Exporter - additional fields in Firewall and Security Management

Log Exporter - additional fields

H4ppyM3 — Thu, 04 Nov 2021 17:17:53 GMT

Dear Checkmates,

Can you please help me with configuration of some extra fields to be exported to our syslog via cp_log_exporter ? I’ve a requirement that also in the log received by syslog to see “bytes in/out “

Checking the sk122323

Steps:

a) On my MDS under the specific domain I location I modify following file: targetConfiguration.xml

<mappingConfiguration> fieldsMapping.xml </mappingConfiguration>

<exportAllFields> false</exportAllField

b) In file: fieldsMapping.xml

<field>

<exported>true</exported>

<required>true</required

</field>

<field>

<exported>true</exported>

<required>true</required

</field>

<field>

<exported>true</exported>

<required>true</required

<origName>sent_bytes</origName>

<dstName>sent_bytes</dstName>

</field>

<field>

<required>true</required

<origName>received_bytes</origName>

<dstName>received_bytes</dstName>

</field>

<table>

But still – it does not work.
Log fields mapping can be found here : sk144192

Restart cp_log_export.

Re: Log Exporter - additional fields

PhoneBoy — Fri, 05 Nov 2021 04:21:24 GMT

My understanding is this a new log entry is sent every 10 minutes or so with the bytes in/out, assuming either accounting is enabled or the rule used App Control with Detailed or Extended logs.
The initial log entry certainly won’t have it…by design.

Re: Log Exporter - additional fields

H4ppyM3 — Fri, 05 Nov 2021 14:36:18 GMT

thanks PhoneBoy - indeed accounting does enable the packet/bytes in/out and are visible in syslog. What about other "fields" - how can I customize the log output ?

Re: Log Exporter - additional fields

PhoneBoy — Fri, 05 Nov 2021 16:04:46 GMT

As far as I know, it should export more or less everything by default.
What precise fields are missing from the output?