- Send a request for access to the Log Forwarder API to our WFBS-SVC Technical Support team. Send your request along with your WFBS-SVC Activation Code/s by contacting Trend Micro Technical Support.
- Our WFBS-SVC Technical Support team will send you the Cloud Services Platform Integration (CSPI) key pair, which is required to setup Log Forwarder.
- Install Python on Windows, macOS or Linux. Python 3 is recommended.
- Install or upgrade pip (Python package manager) on Windows, macOS or Linux. For more information, refer to this pip documentation about Installation.
- Install all required Python packages. Open Windows Command Prompt or macOS/Linux Terminal, locate pip.exe and key in the following commands:
- Download end_customer.zip, and extract the files using the password "trend".
- Configure the logfeeder.ini file. Look for the [cspi] section and fill in the required information:

```ini
[cspi]
ACCESS_TOKEN = aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
SECRET_KEY = ssssssssaaaaaaaammmmmmppppppplllllllleeeeee=
SERVER_HOSTNAME = smpi-nabu.sco.trendmicro.com
SERVER_PORT = 443

[logfeeder]
log_types =
mgmt_log_types =
result_format = syslog_CEF
storage_path = ./logs/
save_to_local_storage = true
```

- ACCESS_TOKEN is one half of the CSPI key pair provided by the Product Manager.
- SECRET_KEY is the other half of the CSPI key pair provided by the Product Manager.
- SERVER_HOSTNAME is the CSPI FQDN for your region:
  - NABU: smpi-nabu.sco.trendmicro.com
  - EMEA: smpi-emea.sco.trendmicro.com
- SERVER_PORT should be 443 (no need to change).
- log_types are the risk detection types you would like to download from the log archive. There are 13 detection types; separate multiple values with commas. Available values: wtp, spyware, application_control, behavior_monitoring, url_filtering, virus, dlp, device_control, machine_learning, so, network_virus, ivp, youtube
- mgmt_log_types are the web console event log types you would like to download from the log archive. There are 10 web console event types; separate multiple values with commas. Available values: mgmt_administrative, mgmt_device, mgmt_group, mgmt_policy, mgmt_report, mgmt_account, mgmt_ad, mgmt_threat_investigation, mgmt_so, mgmt_system
  - If `log_types` or `mgmt_log_types` has no value, the tool downloads all available log types of that kind.
  - If `log_types` or `mgmt_log_types` is commented out (for example `;log_types` or `;mgmt_log_types`), the tool downloads no logs of that kind.
- result_format is the log format that will be exported. Available values: "syslog_WF" / "syslog_CEF" / "syslog_LEEF" / "json"
- storage_path is the location where you would like to keep the log archives (e.g. C:\logs\). Environment variables are not supported.
- save_to_local_storage controls whether logs are saved to local storage. Available values: "true" / "false"
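A pre-flight check for logfeeder.ini, added here as an example and not part of the Trend Micro tool: it applies the rules above (a commented-out key means no logs of that kind, an empty value means all types, otherwise a comma-separated list of known names) and flags empty credentials, a wrong CSPI hostname or port, and an unknown result_format before the script is run. The sample ini and its credential values are constructed placeholders.

```python
import configparser

# Allowed values, as listed in the article.
RISK_TYPES = {"wtp", "spyware", "application_control", "behavior_monitoring", "url_filtering",
              "virus", "dlp", "device_control", "machine_learning", "so", "network_virus",
              "ivp", "youtube"}
MGMT_TYPES = {"mgmt_administrative", "mgmt_device", "mgmt_group", "mgmt_policy", "mgmt_report",
              "mgmt_account", "mgmt_ad", "mgmt_threat_investigation", "mgmt_so", "mgmt_system"}
FORMATS = {"syslog_WF", "syslog_CEF", "syslog_LEEF", "json"}
HOSTS = {"smpi-nabu.sco.trendmicro.com", "smpi-emea.sco.trendmicro.com"}

# Constructed sample logfeeder.ini (placeholder credentials, not a real key pair);
# mgmt_log_types is commented out, so no web console event logs are requested.
SAMPLE_INI = """[cspi]
ACCESS_TOKEN = aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
SECRET_KEY = ssssssssaaaaaaaammmmmmppppppplllllllleeeeee=
SERVER_HOSTNAME = smpi-nabu.sco.trendmicro.com
SERVER_PORT = 443
[logfeeder]
log_types = virus, spyware
;mgmt_log_types =
result_format = syslog_CEF
"""

def resolve_types(section, key, allowed):
    """Apply the article's rules: commented/absent key -> nothing, empty -> all, else a list."""
    if key not in section:
        return set(), []
    raw = section[key].strip()
    if raw == "":
        return set(allowed), []
    chosen = {t.strip() for t in raw.split(",") if t.strip()}
    bad = sorted(chosen - allowed)
    return chosen & allowed, ([f"[logfeeder] {key}: unknown type(s) {bad}"] if bad else [])

def check_config(text):
    """Parse ini text; return the selected type sets plus a list of problems found."""
    cp = configparser.ConfigParser()
    cp.optionxform = str                      # keep ACCESS_TOKEN etc. case-sensitive
    cp.read_string(text)
    cspi, lf = cp["cspi"], cp["logfeeder"]    # both sections are required
    problems = [f"[cspi] {k} is empty (the API would answer 401)"
                for k in ("ACCESS_TOKEN", "SECRET_KEY") if not cspi.get(k, "").strip()]
    if cspi.get("SERVER_HOSTNAME", "").strip() not in HOSTS:
        problems.append("[cspi] SERVER_HOSTNAME must be the NABU or EMEA CSPI FQDN")
    if cspi.get("SERVER_PORT", "443").strip() != "443":
        problems.append("[cspi] SERVER_PORT should stay 443")
    if lf.get("result_format", "") not in FORMATS:
        problems.append("[logfeeder] result_format must be one of " + ", ".join(sorted(FORMATS)))
    risk, p1 = resolve_types(lf, "log_types", RISK_TYPES)
    mgmt, p2 = resolve_types(lf, "mgmt_log_types", MGMT_TYPES)
    return {"risk": risk, "mgmt": mgmt, "problems": problems + p1 + p2}
```

Run `check_config(open("logfeeder.ini").read())` against your own file; an empty `problems` list means the values match what the article requires.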
Sample virus logs:
Query and download the log archive. Open Windows Command Prompt or macOS/Linux Terminal and run the following command:
# python end_customer_query_logs.py
If the script raises an exception, check the response code it reports and look it up in the following table:
Error Code | Description |
---|---|
401 | Check your ACCESS_TOKEN and SECRET_KEY in logfeeder.ini and make sure that both are correct. |
408 | Please check your network connection. If your networking connection is okay, try again after 30 minutes. Contact Trend Micro Technical Support if issue remains. |
412 | Please submit your request for access to the Log Feeder API to the WFBS-SVC Product Manager. |
500 | Please try again after 30 minutes. Contact Trend Micro Technical Support if issue remains. |