I am building a Netskope client log analyzer

  • May 26, 2026

sascha-23628092

Hello fellow Skopers,

If you are like me, you sometimes struggle analyzing Netskope client logs because they are so noisy, span multiple files, and are difficult to filter, especially if you are faced with a problem where you’re not quite sure what to look for. The fact that there is no reference guide available for these logs complicates things further.

That’s why I built a little CLI tool to help me analyze the logs and separate the signal from the noise.

It’s very early in its development, but it can already do these things:

  • Output a chronological, scoped timeline of high-signal events, showing errors and client status changes
  • Filter relevant events like client lifecycle and UI status, config and update activity, tunnel and gateway events, DNS/proxy/PAC problems, Fail Closed and captive portal signals, NPA connection events, and TLS/certificate issues
  • Analyze and inventory client log bundles (the zip files) with useful information

Much more is planned, like an interactive dashboard in the terminal (inspired by the official Splunk plugin), log search, a traffic analyzer (tunneled, bypassed, etc.) with URL category lookups, summary reports, etc.

If you want to check it out or play around with it, you can find it here:

https://github.com/cryptochrome/nskclog

All contributions are more than welcome: feedback, feature requests, bug reports, log samples, etc. Simply open an issue or discussion topic on the repo or respond here.

 

Free and open source, works on Windows, Linux and macOS. Written in Go.

Please note that this is not affiliated with or endorsed by Netskope. It’s purely a community effort from a Netskope admin. 

 

Cheers, Sascha