Configuring the Management Console for Forcepoint V-Series Content Gateway

You can configure event logging in the Content Gateway Manager.

Procedure

  1. Log into your Forcepoint Content Gateway Manager.
  2. Click the Configure tab.
  3. Select Subsystems > Logging.

    The General Logging Configuration window is displayed.

  4. Select Log Transactions and Errors.
  5. Select Log Directory to specify the directory path of the stored event log files.

    The directory that you define must exist and the Forcepoint user must have read and write permissions for the specified directory.

    The default directory is /opt/WGC/logs.

  6. Click Apply.
  7. Click the Custom tab.
  8. In the Custom Log File Definitions window, type the following text for the LEEF format.
    <LogFormat>               <Name = "leef"/>               <Format = "LEEF:1.0|Forcepoint|WCG|7.6|              %<wsds>|cat=%<wc>               src=%<chi> devTime=%<cqtn>               devTimeFormat=dd/MMM/yyyy:HH:mm:ss Z               http-username=%<caun> url=%<cquc>                method=%<cqhm> httpversion=%<cqhv>               cachecode=%<crc>dstBytes=%<sscl> dst=%<pqsi>                srcBytes=%<pscl> proxy-status-code=%<pssc>               server-status-code=%<sssc> usrName=%<wui>                duration=%<ttms>"/>           </LogFormat>
    <LogObject>               <Format = "leef"/>               <Filename = "leef"/>           </LogObject>
    Note: The fields in the LEEF format string are tab separated. You might be required to type the LEEF format in a text editor and then cut and paste it into your web browser to retain the tab separations. The definitions file ignores extra white space, blank lines, and all comments.
  9. Select Enabled to enable the custom logging definition.
  10. Click Apply.

What to do next

You can now enable event logging for your Forcepoint Content Gateway.