Configuring the Log Forwarding Service (LFS) for Cloud Edge

    • Updated: 24 Jan 2020
    • Product/Version: Cloud Edge 5.0, Cloud Edge 5.2, Cloud Edge 5.3, Cloud Edge 5.5
    • Platform: N/A
Summary

Log Forwarding Service is a service of Cloud Edge Cloud Console (CECC) that aims to deliver detailed CECC statistics and data. It is a paid service for Cloud Edge partners who would like to further analyze the detection events or network traffic.

Logs from the CECC Log Forwarding Service are downloaded by the LFS client, a download tool that runs as a service on a Linux machine. CECC logs are saved to a local folder in CSV format. Partners can analyze the downloaded files and generate useful reports for their customers.

This article shows how to set up the LFS client to download logs for Cloud Edge Log Forwarding Service.

Details
  1. Assign the correct Log Forwarding Service license depending on the box model.
    NABU partners have CE50, CESB, and CESBW licenses.

    Log Forwarding Service Licenses

  2. Contact Trend Micro Technical Support or your sales representative and submit a Log Forwarding Service provisioning request.
  3. Once the service is ready, you will be provided with the following:
    • LFS-Client-5.0.1580-0.x86_64.rpm - RPM package of LFS client, where 5.0.1580 is the version
    • Credentials - Text file containing important information about the AWS resources
  4. Make sure that you have the hardware and OS spec recommended by Trend Micro:
    • CPU: Cores >= 2
    • Memory: >= 2G
    • Disk: >= 30G
    • OS: CentOS 7.0 64-bit
 
Only CentOS 7.0 has been tested. We do not guarantee software quality if it is running on any other distribution of Linux.
  1. Copy the RPM package to the machine where the client will be running.
  2. Install the RPM package using the rpm command.

    RPM package installation

  3. Copy the credential file provided to the /root folder where the client is installed.
  4. Run the lfs_setup command to set up the LFS client.

    Execute lfs_setup

  5. Start the client by running the daemonctl.sh start command.

    Start the client

The client is expected to work well with the default configuration. Do not modify the configuration file unless it is necessary. If you do need to change it, all configuration files are located in /etc/lfs.

Configuration file

For example, if you have a small disk and want to prevent it from filling up, you can set "keep_days" to a smaller value. You can also change the folder where the downloaded CSV files are saved.

Below is a sample of lfs_setting.conf, which is the main configuration file:

[AWS]
bucket:                # AWS S3 bucket in which all logs are saved
sqs:                   # AWS SQS queue that notifies the client of newly arrived logs
[On-demand]
# path where on-demand mode saves its temporary results
tmp_path: /var/lfs/data/download/cli
# path where on-demand mode saves its exported CSV files
export_path: /var/lfs/data/export/cli
[Daemon]
# path where daemon mode saves its temporary results
tmp_path: /var/lfs/data/download/daemon
# path where daemon mode saves its exported CSV files
export_path: /var/lfs/data/export/daemon
# interval, in seconds, at which the daemon checks for SQS messages
check_interval_seconds: 10
[Purge]
# interval, in minutes, at which the purge program checks the daemon export
# folder; 0 means disabled
purge_interval_minutes: 1
# number of days the purge program keeps the exported results
keep_days: 10
[CSV]
# delimiter (default: comma) used in exported CSV files to
# separate columns
delimiter: ,
# when true, all string-type columns are surrounded
# by a pair of quotation marks
quote_string: true

By default, logs are stored under /var/lfs/data/export/daemon, as specified in lfs_setting.conf.
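
An added example (not Trend Micro's code): a Python check that reads the settings above and audits the daemon export folder for access beyond the owning account and for CSV files that have outlived keep_days. It assumes lfs_setting.conf parses as an INI file with "#" comments and that file age is judged by modification time; load_settings and audit_export_dir are hypothetical names.

```python
import configparser
import os
import time

# Constructed input: an excerpt of the lfs_setting.conf sample shown in the article.
SAMPLE_CONF = """\
[AWS]
bucket:                # this is the AWS S3 bucket which saved all logs
[Daemon]
export_path: /var/lfs/data/export/daemon
[Purge]
purge_interval_minutes: 1
keep_days: 10
[CSV]
delimiter: ,
quote_string: true
"""

def load_settings(text):
    """Parse the settings; '#' is treated as a full-line or inline comment."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cp.read_string(text)
    return {
        "bucket": cp.get("AWS", "bucket"),
        "export_path": cp.get("Daemon", "export_path"),
        "purge_enabled": cp.getint("Purge", "purge_interval_minutes") > 0,
        "keep_days": cp.getint("Purge", "keep_days"),
        "delimiter": cp.get("CSV", "delimiter"),
        "quote_string": cp.getboolean("CSV", "quote_string"),
    }

def audit_export_dir(path, keep_days, now=None):
    """List findings: folder accessible beyond its owner, files past retention."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:  # any group or other permission bit is set
        findings.append(f"{path}: accessible beyond its owner (mode {mode:o})")
    cutoff = (now or time.time()) - keep_days * 86400  # assumption: age = mtime
    for root, _dirs, files in os.walk(path):
        for name in sorted(files):
            full = os.path.join(root, name)
            if os.stat(full).st_mtime < cutoff:
                findings.append(f"{full}: older than keep_days={keep_days}")
    return findings

if __name__ == "__main__":
    cfg = load_settings(SAMPLE_CONF)
    print(cfg)
    if os.path.isdir(cfg["export_path"]):
        print(audit_export_dir(cfg["export_path"], cfg["keep_days"]))
```

Without inline_comment_prefixes, the comment text on the bucket line would be read as the bucket name.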

Logs

The following logs are supported:

  • Internet security logs
  • Policy enforcement logs
  • Audit logs
  • Configuration logs:
    • Global Approved/Blocked list
    • Policy
    • Gateway profiles
Category: Configure
Solution Id: 000238709