It is incredibly difficult to judge the overall status of the NS client at first glance from thousands of log records. Netskope Log Analyzer makes the overall NS client status easy to understand.

 

Prerequisite

Complete the procedure described in the matching guide below:

Linux user:
How to install Splunk on Linux machine🐧

Mac user:
How to install Splunk on an Apple silicon Mac machine🍎

 

How to Install

Follow this procedure to install Netskope Log Analyzer.

  1. Create a folder at the following location. Splunk will monitor this folder and start indexing logs as soon as it detects client logs. Mode 777 makes the folder readable and writable by every local user.

    sudo mkdir -p /var/log/splunk/logs
    sudo chmod 777 /var/log/splunk/logs

  2. Place the Add-on folder in the Splunk apps directory.

    Linux users:

    cd /opt/splunk/etc/apps/
    git clone https://github.com/netskopeoss/netskope_log_analyzer.git

    Mac users:

    cd /Applications/Splunk/etc/apps
    git clone https://github.com/netskopeoss/netskope_log_analyzer.git
  3. Restart Splunk

    sudo splunk restart


    Congratulations! The app installation is complete.
    Let's upload an NS Client log to the Splunk server and learn how to use this tool.

  4. Open http://127.0.0.1:8000/en-GB/app/netskope_log_analyzer

     

How to use

  1. Unzip the NS Client log and rename the folder
    Important!
    Unzip the log file and give the folder a unique name. This app uses this unique folder name internally.

    Example:
    You can name the folder <SFDC ticket number>_<Customer name>

  • Extract the Netskope log bundle and upload the log folder to /var/log/splunk/logs. Splunk will detect the logs in the log folder and start indexing them.

  • Go to the Splunk Web UI and log in with the username and password you configured in How to install Splunk on Linux machine🐧
    • http://<your Ubuntu VM’s IP>:8000

       

  • Select “Netskope Log Analyzer” from the Apps dropdown menu at the top left.

  • Select the folder name you uploaded from the Client Log dropdown menu.
  • You will see the log analysis results in the dashboard.
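
The staging steps above (unique folder name, then upload into the monitored folder) written as a shell function. This is an added example, not part of the original article or the add-on: the function names, the allowed-character rule for the folder name and the permission tightening on the uploaded copy are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or the add-on). Function names, the
# allowed-character rule and the permission tightening are assumptions.

# Print "<ticket>_<customer>", or fail if either part is empty or contains
# anything but letters, digits and '-' (so no '/', '..' or whitespace).
ns_folder_name() (
    for part in "$1" "$2"; do
        case $part in
            ''|*[!A-Za-z0-9-]*)
                echo "invalid name part: '$part'" >&2
                exit 1 ;;
        esac
    done
    printf '%s_%s\n' "$1" "$2"
)

# stage_ns_logs <extracted_dir> <ticket> <customer> [monitored_dir]
# Copies the extracted bundle into the monitored folder under its unique name
# and prints the resulting path. Exit status 2 means the name is already used.
stage_ns_logs() (
    src=$1
    root=${4:-/var/log/splunk/logs}
    name=$(ns_folder_name "$2" "$3") || exit 1
    [ -d "$src" ] || { echo "not a directory: $src" >&2; exit 1; }
    [ -d "$root" ] || { echo "monitored folder missing: $root" >&2; exit 1; }
    # The app keys on the folder name, so never merge into an earlier upload.
    if [ -e "$root/$name" ]; then
        echo "already uploaded: $root/$name" >&2
        exit 2
    fi
    cp -R -- "$src" "$root/$name" || exit 1
    # Splunk only has to read the files; drop group/other write access.
    chmod -R a+rX,go-w -- "$root/$name" || exit 1
    printf '%s\n' "$root/$name"
)

# Usage (constructed values):
#   stage_ns_logs ./extracted_bundle 12345 AcmeCorp
```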

 

 

Hi ​@Rohit_Bhaskar 

Thank you for this article! 

I can’t see the link for the 20250312_0911_netskope_log_analyzer.tgz.. 

 

Thanks

TP


Found it

https://github.com/netskopeoss/netskope_log_analyzer.git


Thanks

TP


Hi,

Two questions.

Are all log levels supported? (Dump, Info, Warning etc)

Are details about all steered and bypassed processes, IPs, domains etc. parsed into Splunk as well?

I see the obvious use case of troubleshooting the Netskope agent itself, but I also see another use case where this could be used to investigate if the Netskope client is steering a certain application.

Thanks

//Georgiana


Hi ​@Georgiana ,

The widgets embedded in the add-on's dashboard are essentially Splunk search queries.
If the search query returns no results, the widget is displayed as blank. Therefore, it is not designed to reference log records with log levels such as Dump or Debug. (Technically, it is possible to create widgets by searching these levels of logs.)

Since it is uncommon for users to increase the log level, this approach is taken to prevent blank widgets from being displayed.

Thank you,
Toshi

