Collect Proxy Metadata with Lumu VA and Skyhigh Secure Web Gateway (Cloud)

The Lumu Virtual Appliance (VA) offers the option to create Collectors, a seamless way to integrate the network metadata of your entire enterprise and forward it to the Lumu cloud with the lowest impact on network operation.

When attacks avoid domain resolution, the traces of adversarial contact can lie in the web access logs of proxies. This option is also available to accommodate networks where DNS configuration is not possible. In this scenario, the proxy forwards its logs to the Lumu VA for processing. Because the proxy filters URL access, all the IT assets using it are monitored. This approach ensures compromise visibility without having to make major changes.

In this guide, we provide instructions and resources for configuring a Skyhigh Secure Web Gateway (SWG) Cloud instance to forward all proxy logs to Lumu through the Virtual Appliance.

Requirements

  • Skyhigh Secure Web Gateway Cloud subscription.
  • Admin access and computing resources to install the Skyhigh Logging Client.
  • The most recent version of the Lumu Virtual Appliance installed.

These are the general steps you should follow to deploy and configure the Skyhigh Logging Client to send all metadata to Lumu:


Deploy and Set Up Lumu VA

All the detailed steps and guidance to create, download, and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:

Set up a Lumu VA Firewall Log Collector

Go to the Lumu Virtual Appliance and refresh the VA Collectors settings by running the command lumu-appliance collectors refresh. If the appliance is running, it should be stopped before setting up collectors.


Select the option that refers to Skyhigh Secure Web Gateway (Cloud) and the format that best suits your needs, then provide the following data:

  • Protocol type: you can select between TCP and UDP according to your infrastructure and the settings for the Skyhigh Logging Client.
  • Port number: provide a number between 1024 and 65535, inclusive.
  • Use username information instead of the device name: select this if you want to see the username instead of the device name in the traffic information.


Deploy and set up Skyhigh Logging Client

The Skyhigh Logging Client is a Windows app that collects Debug and Error log files. You can use these files to investigate or to perform analysis with Skyhigh SSE and SWG.

The Logging Client retrieves and stores the logs at configured intervals. You can save the logs to a folder on your local computer or send them to a Syslog server. To install an instance of the Skyhigh Logging Client, follow the instructions described in Skyhigh Security | Install and Configure the Logging Client.

When configuring the Skyhigh Logging Client, keep the following considerations in mind:

  • In the Service field, select WGCS.
  • In the API Version field, type 9.
  • In the Log Type field, select Web.
  • In the Scheduling Interval field, 2 is recommended.
  • Mark the Send as Syslogs option.
  • Fill in the Syslog-Client Host, Syslog-Client Port, and Transport fields with the configuration used in the collector created in the Lumu VA.

Finish the installation process according to the installation guide. More details of the configuration settings can be found there.
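Before relying on the Logging Client, you can check from its host that the Syslog-Client Host, Port, and Transport values match the collector created in the Lumu VA. The script below is an added example, not part of the Lumu or Skyhigh tooling: it enforces the port range and protocol choices given in this guide and sends one constructed test line. The address 192.0.2.10, port 5514, and the tag lumu-collector-test are placeholders, and the script only checks the transport path, not how the VA parses the line.

```python
import socket
from datetime import datetime


def validate_collector(protocol: str, port: int) -> None:
    """Enforce the collector constraints stated in this guide."""
    if protocol.upper() not in ("TCP", "UDP"):
        raise ValueError("protocol must be TCP or UDP")
    if not 1024 <= port <= 65535:
        raise ValueError("port must be between 1024 and 65535, inclusive")


def build_test_message(tag: str = "lumu-collector-test") -> bytes:
    """Constructed RFC 3164-style line; NOT a real Skyhigh web log record."""
    now = datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    # <14> = facility user (1) * 8 + severity informational (6)
    host = socket.gethostname()
    return f"<14>{stamp} {host} {tag}: connectivity check\n".encode()


def send_test(host: str, port: int, protocol: str, timeout: float = 3.0) -> str:
    """Send one test line to the collector.

    Returns 'delivered' (TCP connected and data written),
    'sent-unconfirmed' (UDP, no delivery feedback), or 'failed: <reason>'.
    """
    validate_collector(protocol, port)
    msg = build_test_message()
    try:
        if protocol.upper() == "TCP":
            # A completed TCP handshake proves something is listening.
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(msg)
            return "delivered"
        # UDP is fire-and-forget: a wrong port or transport fails silently.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(msg, (host, port))
        return "sent-unconfirmed"
    except OSError as exc:
        return f"failed: {exc}"


if __name__ == "__main__":
    # Placeholder values: replace with your collector's address and settings.
    print(send_test("192.0.2.10", 5514, "TCP"))
```

A UDP result of sent-unconfirmed does not prove the collector received anything, so after a UDP test confirm on the Lumu side that the collector is receiving data.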

