Configure automatic log upload for continuous reports

Applies to: Microsoft Cloud App Security

Important

Threat protection product names from Microsoft are changing. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Log collectors enable you to easily automate log upload from your network. The log collector runs on your network and receives logs over Syslog or FTP. Each log is automatically processed, compressed, and transmitted to the portal. FTP logs are uploaded to Microsoft Cloud App Security after the file has finished the FTP transfer to the log collector. For Syslog, the log collector writes the received logs to the disk. The collector then uploads the file to Cloud App Security when the file size is larger than 40 KB.

After a log is uploaded to Cloud App Security, it's moved to a backup directory. The backup directory stores the last 20 logs. When new logs arrive, the old ones are deleted. Whenever the log collector disk space is full, the log collector drops new logs until it has more free disk space. When this happens, you'll receive a warning on the Log collectors tab of the Upload logs automatically settings.

Before setting up automatic log file collection, verify that your log matches the expected log type. You want to make sure Cloud App Security can parse your specific file. For more information, see Using traffic logs for Cloud Discovery.

Note

  • Cloud App Security provides support for forwarding logs from your SIEM server to the log collector, assuming the logs are being forwarded in their original format. However, it is highly recommended that you integrate the log collector directly with your firewall and/or proxy.
  • The log collector compresses data before it is uploaded. The outbound traffic on the log collector will be 10% of the size of the traffic logs it receives.
  • If the log collector encounters issues, you will receive an alert after no data has been received for 48 hours.

Deployment modes

The log collector supports two deployment modes:

Next steps