Using the Cloud Edge Log Forwarding Service (LFS)

    • Updated: 8 Oct 2019
Summary

While Cloud Edge Cloud Console itself provides powerful log analysis and reporting capabilities, some customers prefer to use their own centralized log management systems. The Cloud Edge Log Forwarding Service (LFS) is a licensable feature that enables Cloud Edge Cloud Console to forward logs to external SIEMs or similar applications. Managed Service Providers (MSPs) can assign the LFS service plan to customers who are entitled.

Details

To enable the LFS service, the MSP partner should contact the Trend Micro Channel Account Manager, who will verify the license and enable the LFS service in the backend.

Data Flow

Once enabled, the log data will flow through the following:

  1. Log storage in the cloud
  2. Secure channel, authenticated and compressed
  3. Log Forwarding Service client
  4. Output to local file directory tree

Trend Micro will provide an LFS client and its associated credentials. Once installed and configured, the LFS client downloads Cloud Edge logs from the cloud over a secure channel. The client is authenticated to prevent unauthorized access. Log data is compressed in transit to save bandwidth and decompressed before being written to the local file system. The output file format is CSV, which can be easily imported into third-party SIEM systems such as Splunk.

Data Content

The data downloaded by the LFS client consists of several types:

  • Internet Security logs
  • Policy Enforcement logs
  • Audit logs
  • Configuration data including:
    • Gateway profiles
    • Policies
    • Global Approved/Blocked list

The output CSV files are grouped first by timestamps, then by log types. The schema of these files will be provided by Trend Micro once customers sign up for the LFS service.
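
A pre-import check for the output tree described above, as an added example that is not Trend Micro's code. It assumes a `<timestamp>/<log_type>/*.csv` layout and uses made-up directory, file and column names, since the real schema is provided only on sign-up; it counts rows per log type and flags log types whose files disagree on their header row, which would misalign field extraction in a SIEM.

```python
import csv
import tempfile
from collections import defaultdict
from pathlib import Path


def inventory(root):
    """Summarise <root>/<timestamp>/<log_type>/*.csv per log type (layout assumed
    from "grouped first by timestamps, then by log types"); columns come from
    each file's own header row, since the real schema is not on this page."""
    summary = defaultdict(lambda: {"rows": 0, "headers": set(), "groups": set()})
    for path in sorted(Path(root).glob("*/*/*.csv")):
        timestamp_group, log_type = path.parts[-3], path.parts[-2]
        with path.open(newline="", encoding="utf-8") as fh:
            reader = csv.reader(fh)
            header = tuple(next(reader, ()))
            rows = sum(1 for row in reader if row)
        entry = summary[log_type]
        entry["rows"] += rows
        entry["headers"].add(header)
        entry["groups"].add(timestamp_group)
    return dict(summary)


def header_drift(summary):
    """Log types whose files disagree on columns; resolve before SIEM import."""
    return sorted(t for t, e in summary.items() if len(e["headers"]) > 1)


def build_sample_tree(root):
    """Constructed sample data; directory, file and column names are made up."""
    files = {
        "2019100800/internet_security/a.csv": "time,gateway,action\n1,gw1,block\n2,gw1,allow\n",
        "2019100801/internet_security/a.csv": "time,gateway,action\n3,gw2,block\n",
        "2019100800/audit/a.csv": "time,user,event\n1,admin,login\n",
        "2019100801/audit/a.csv": "time,user,event,source_ip\n2,admin,logout,192.0.2.10\n",
    }
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("header drift:", header_drift(inventory(tmp)))
```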

An MSP partner can use the LFS service to aggregate information from multiple customers. This allows statistics to be generated across the entire management domain, making it extremely flexible.

Query and Visualization

SIEM systems such as Splunk can be configured to import CSV files automatically. Once Cloud Edge logs are processed, powerful queries can be written to extract relevant information, correlate with other log sources, and provide high-value visualization as needed.

Category: Configure
Solution Id: 000149306