How to decrypt encrypted Skyhigh Web Gateway log files and de-anonymize log files using the tool LogFileDecrypter
Last Modified: 2023-12-13 10:27:34 Etc/GMT
Technical Articles ID: KB70062
Environment
Skyhigh Web Gateway (SWG)
Summary
SWG allows you to enable log file encryption. Select Encrypt the log file in the settings container that holds the configuration of the user-defined log files. These log files include
SWG also allows you to anonymize parts of your log files, such as username or source IP address. Log files must be de-anonymized before you can read the original contents.
Solution
To decrypt an encrypted log file or de-anonymize a log file, use the
Access the appliance using SSH. Root access isn't needed. You can manually create a user for these tasks as follows:
Now, use the appropriate command:
After you run the appropriate command, SWG writes the content to the console. You can redirect it into a text file, if needed, with the following command:
You can find the result in
Related Information
IMPORTANT: Don't use encryption if you want to import log files into Content Security Reporter or Web Reporter.