Forcepoint V-Series Content Gateway

 

The Forcepoint V-Series Content Gateway DSM for JSA supports events for web content on Forcepoint V-Series appliances with the Content Gateway software.

The Forcepoint V-Series Content Gateway DSM accepts events using syslog to stream events or by using the log file protocol to provide events to JSA. Before you can integrate your appliance with JSA, you must select one of the following configuration methods:

Configure Syslog for Forcepoint V-Series Content Gateway

The Forcepoint V-Series DSM supports Forcepoint V-Series appliances that run the Forcepoint Content Gateway on Linux software installations.

Before you configure JSA, you must configure the Forcepoint Content Gateway to provide LEEF formatted syslog events.

Configuring the Management Console for Forcepoint V-Series Content Gateway

You can configure event logging in the Content Gateway Manager.

  1. Log in to your Forcepoint Content Gateway Manager.
  2. Click the Configure tab.
  3. Select Subsystems > Logging.

    The General Logging Configuration window is displayed.

  4. Select Log Transactions and Errors.
  5. Select Log Directory to specify the directory path of the stored event log files.

    The directory that you define must exist and the Forcepoint user must have read and write permissions for the specified directory.

    The default directory is /opt/WCG/logs.

  6. Click Apply.
  7. Click the Custom tab.
  8. In the Custom Log File Definitions window, type the following text for the LEEF format.
    Note

    The fields in the LEEF format string are tab separated. You might be required to type the LEEF format in a text editor and then cut and paste it into your web browser to retain the tab separations. The definitions file ignores extra white space, blank lines, and all comments.

  9. Select Enabled to enable the custom logging definition.
  10. Click Apply.

You can now enable event logging for your Forcepoint Content Gateway.
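
The tab-separation requirement in the note above can be checked on a captured event before relying on JSA to parse it. The following Python check is an added example, not part of the original documentation or of Forcepoint or JSA software; it parses a LEEF 1.0 line and flags attributes whose tabs were pasted as spaces. The sample events, header values, and attribute names are constructed for illustration.

```python
import re

LEEF_HEADER_FIELDS = ("leef_version", "vendor", "product", "version", "event_id")

# Constructed sample events (not real gateway output).
GOOD_EVENT = ("LEEF:1.0|ExampleVendor|ExampleProxy|1.0|allowed|"
              "src=192.0.2.10\tdst=198.51.100.5\t"
              "url=http://example.test/?q=1\thttp_method=GET")
# Same event after a browser paste that turned every tab into a space.
BAD_EVENT = GOOD_EVENT.replace("\t", " ")


def parse_leef(line):
    """Parse a LEEF 1.0 event: five pipe-delimited header fields,
    then tab-separated key=value attributes."""
    if not line.startswith("LEEF:1.0|"):
        raise ValueError("not a LEEF 1.0 event")
    # maxsplit=5 keeps any '|' inside attribute values (for example URLs) intact.
    parts = line[len("LEEF:"):].split("|", 5)
    if len(parts) != 6:
        raise ValueError("LEEF header must have five pipe-delimited fields")
    header = dict(zip(LEEF_HEADER_FIELDS, parts[:5]))
    attrs = {}
    for field in parts[5].rstrip("\r\n").split("\t"):
        if not field:
            continue
        # Split on the first '=' only, so values may contain '='.
        key, sep, value = field.partition("=")
        if not sep or not key:
            raise ValueError(f"attribute without key=value form: {field!r}")
        attrs[key] = value
    return header, attrs


def lost_tabs(attrs):
    """Heuristic: return keys whose value contains whitespace followed by
    another key=, the symptom of tab separators replaced by spaces."""
    embedded = re.compile(r"\s[A-Za-z_][A-Za-z0-9_]*=")
    return [key for key, value in attrs.items() if embedded.search(value)]


if __name__ == "__main__":
    for name, event in (("good", GOOD_EVENT), ("bad", BAD_EVENT)):
        header, attrs = parse_leef(event)
        print(name, header["event_id"], sorted(attrs), lost_tabs(attrs))
```

With the tabs lost, the whole attribute section collapses into a single `src` value, so the remaining fields never become separate event properties.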

Enabling Event Logging for Forcepoint V-Series Content Gateway

If you are using a Forcepoint V-Series appliance, contact Forcepoint Technical Support to enable this feature.

  1. Log in to the command-line interface (CLI) of the server running Forcepoint Content Gateway.
  2. Add the following lines to the end of the /etc/rc.local file:

    Where <IP Address> is the IP address for JSA.

  3. To start logging immediately, type the following command:
    Note

    You might need to type the logging command in Enabling Event Logging for Forcepoint V-Series Content Gateway or copy the command to a text editor to interpret the quotation marks.

    The configuration is complete. The log source is added to JSA as syslog events from Forcepoint V-Series Content Gateway are automatically discovered. Events forwarded by Forcepoint V-Series Content Gateway are displayed on the Log Activity tab of JSA.

Configuring a Log Source for Forcepoint V-Series Content Gateway

JSA automatically discovers and creates a log source for syslog events from Forcepoint V-Series Content Gateway.

The following configuration steps are optional.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select Forcepoint V Series.
  9. Using the Protocol Configuration list, select Syslog.
  10. Configure the following values:

    Table 1: Syslog Parameters

    | Parameter | Description |
    |---|---|
    | Log Source Identifier | Type the IP address or host name for the log source as an identifier for events from your Forcepoint V-Series Content Gateway appliance. |

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

    The configuration is complete.

Log File Protocol for Forcepoint V-Series Content Gateway

The log file protocol allows JSA to retrieve archived log files from a remote host.

The Forcepoint V-Series DSM supports the bulk loading of log files from your Forcepoint V-Series Content Gateway using the log file protocol to provide events on a scheduled interval. The log files contain transaction and error events for your Forcepoint V-Series Content Gateway:

Configuring the Content Management Console for Forcepoint V-Series Content Gateway

Configure event logging in the Content Management Console.

  1. Log in to your Forcepoint Content Gateway interface.
  2. Click the Configure tab.
  3. Select Subsystems > Logging.
  4. Select Log Transactions and Errors.
  5. Select Log Directory to specify the directory path of the stored event log files.

    The directory you define must already exist and the Forcepoint user must have read and write permissions for the specified directory.

    The default directory is /opt/WCG/logs.

  6. Click Apply.
  7. Click the Formats tab.
  8. Select Netscape Extended Format as your format type.
  9. Click Apply.

You can now enable event logging for your Forcepoint V-Series Content Gateway.

Configuring a Log File Protocol Log Source for Forcepoint V-Series Content Gateway

When you configure your Forcepoint V-Series DSM to use the log file protocol, ensure that the host name or IP address that is configured in the Forcepoint V-Series matches the Remote Host parameter in the log file protocol configuration.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select Forcepoint V Series.
  9. From the Protocol Configuration list, select Log File.
  10. From the Service Type list, select the Secure File Transfer Protocol (SFTP) option.
  11. In the FTP File Pattern field, type extended.log_.*.old.
  12. In the Remote Directory field, type /opt/WCG/logs.

    This is the default directory for storing the Forcepoint V-Series log files that you specified in Configuring the Content Management Console for Forcepoint V-Series Content Gateway.

  13. From the Event Generator list, select LINEBYLINE.
  14. Click Save.
  15. On the Admin tab, click Deploy Changes.

    The log source is added to JSA.