- Send a request for access to the Log Forwarder API to our WFBS-SVC Technical Support team. Send your request along with your WFBS-SVC Activation Code/s by contacting Trend Micro Technical Support.
- Our WFBS-SVC Technical Support team will send you the Cloud Services Platform Integration (CSPI) key pair, which is required to set up Log Forwarder.
- Install Python on Windows, macOS or Linux. Python 3 is recommended.
- Install or upgrade pip (the Python package manager) on Windows, macOS or Linux. For more information, refer to the pip documentation on installation.
- Install all required Python packages. Open Windows Command Prompt or macOS/Linux Terminal, locate pip.exe and key in the following commands:
- Download end_customer.zip, and extract the files using the password "trend".
- Configure the logfeeder.ini file. Look for the [cspi] section, and fill in the required information:
[cspi]
ACCESS_TOKEN = aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
SECRET_KEY = ssssssssaaaaaaaammmmmmppppppplllllllleeeeee=
SERVER_HOSTNAME
- NABU: smpi-nabu.sco.trendmicro.com
- EMEA: smpi-emea.sco.trendmicro.com
[logfeeder]
log_types = virus,spyware,wtp,url_filtering,behavior_monitoring,device_control,application_control,machine_learning,network_virus,dlp
storage_path = ./logs/
- ACCESS_TOKEN is one part of the CSPI key pair provided by the Product Manager.
- SECRET_KEY is the other part of the CSPI key pair provided by the Product Manager.
- SERVER_HOSTNAME is the CSPI FQDN.
- SERVER_PORT should be 443 (no need to change).
- log_types lists the threat types that you would like to download from the log archive. There are 10 types of threats; separate them with commas.
- storage_path is the location where you would like to keep log archives (e.g. C:\logs\). Environment variables are not supported.
Sample virus logs:
- Query and download the log archive. Open Windows Command Prompt or macOS/Linux Terminal and run the following command:
# python end_customer_query_logs.py
If the script raises an exception, check the response code and look it up in the following table:
Error Code | Description |
---|---|
401 | Check your ACCESS_TOKEN and SECRET_KEY in logfeeder.ini and make sure that both are correct. |
408 | Please check your network connection. If your network connection is okay, try again after 30 minutes. Contact Trend Micro Technical Support if the issue remains. |
412 | Please submit your request for access to the Log Feeder API to the WFBS-SVC Product Manager. |
500 | Please try again after 30 minutes. Contact Trend Micro Technical Support if the issue remains. |
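
A pre-flight check for logfeeder.ini, added here as an example and not part of the scripts in end_customer.zip. It catches the configuration mistakes described above (sample key pair left in place, a hostname that is not one of the listed CSPI FQDNs, unknown log types, an environment variable in storage_path) before the query script runs; `check_config` and `check_file` are hypothetical names, and the file-permission check is an added assumption.

```python
import configparser
import os
import re

# From the page: the two regional CSPI FQDNs, the ten log types, and the sample key pair.
KNOWN_HOSTS = {"smpi-nabu.sco.trendmicro.com", "smpi-emea.sco.trendmicro.com"}
LOG_TYPES = {"virus", "spyware", "wtp", "url_filtering", "behavior_monitoring",
             "device_control", "application_control", "machine_learning",
             "network_virus", "dlp"}
PLACEHOLDERS = {"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                "ssssssssaaaaaaaammmmmmppppppplllllllleeeeee="}

def check_config(text, file_mode=None):
    """Return a list of problems in logfeeder.ini content; an empty list means OK."""
    cfg = configparser.ConfigParser(interpolation=None)  # keep '%' in paths literal
    try:
        cfg.read_string(text)
    except configparser.Error as exc:
        return [f"cannot parse file: {exc}"]
    cspi = cfg["cspi"] if cfg.has_section("cspi") else {}
    feeder = cfg["logfeeder"] if cfg.has_section("logfeeder") else {}
    problems = []
    for key in ("ACCESS_TOKEN", "SECRET_KEY"):
        value = cspi.get(key, "").strip()
        if not value or value in PLACEHOLDERS:
            problems.append(f"{key} is missing or still the sample value")
    host = cspi.get("SERVER_HOSTNAME", "").strip()
    if host not in KNOWN_HOSTS:
        problems.append(f"SERVER_HOSTNAME {host!r} is not a listed CSPI FQDN")
    if cspi.get("SERVER_PORT", "443").strip() != "443":
        problems.append("SERVER_PORT should be 443")
    types = [t.strip() for t in feeder.get("log_types", "").split(",") if t.strip()]
    unknown = sorted(set(types) - LOG_TYPES)
    if not types or unknown:
        problems.append(f"log_types empty or unknown: {unknown}")
    path = feeder.get("storage_path", "").strip()
    if not path or re.search(r"%\w+%|\$\{?\w+", path):
        problems.append("storage_path is empty or uses an environment variable")
    # Assumption (not from the page): on POSIX the file holding SECRET_KEY
    # should not be readable by group or others.
    if file_mode is not None and file_mode & 0o077:
        problems.append("logfeeder.ini is accessible to group/others")
    return problems

def check_file(path="logfeeder.ini"):
    """Check a file on disk; permission bits are only meaningful on POSIX."""
    mode = os.stat(path).st_mode if os.name == "posix" else None
    with open(path, encoding="utf-8") as fh:
        return check_config(fh.read(), mode)
```

Call `check_file()` from the directory that holds logfeeder.ini; an empty list means none of these checks failed.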