Cloud Connector Quality Check
The Skyhigh Cloud Connector Quality Check allows you to display and check the Custom Attributes you have already configured in the Cloud Connector web user interface to make sure that they are mapped correctly.
The Quality Check requires Enterprise Connector 3.7.2 or later.
To run the Quality Check:
IMPORTANT: The Cloud Connector Service and CLI cannot run at the same time. Stop the Cloud Connector Service before issuing the following CLI commands.
- Stop Cloud Connector Service.
- Run the
clicommand:- Linux:
[root@localhost]# ./shnlpcli q --maxfiles 1 - Windows:
C:\shnlp> shnlpcli.exe q --maxfiles 1
- Linux:
| Parameter | Value | Note |
|---|---|---|
| q | - | "q" stands for Quality Check. |
| --maxfiles | 1-99 | How many files should be processed within the defined log folder(s) for Quality Check. The folders are defined in Skyhigh CASB under Cloud Connector > Log Configuration. |
NOTE: You cannot specify a specific file name, unless you configure a file name in Log Configuration. The CLI will take one random file from the defined log configuration folder.
- If successful, the result is structured as follows:
- Sample log lines are displayed including the log file name that has been processed:
- The next part shows how many valid entries with corresponding log fields were found that are matched to CSPs only:
- Sample log lines are displayed including the log file name that has been processed:
NOTE: Custom Attributes "Custom_[1-5]" are only show matches if they have been defined in parser configuration.
- The next step shows how many log entries (right) have been matched against a specfific CSP-ID. For example: CSP_ID "2799" stands for "Microsoft Exchange Online". The IDs are part of the Skyhigh CASB Registry.
- The next step shows some sample outputs of each log column the parser has matched against. This is helpful in case there are variations in the log fields, where the parser need to be adjusted.
- The next part shows invalidates in attributes, in case some fields of a logline are missing or could not be identified:
NOTE: There will be always a view invalidates, as a perfect log does not exist which has all valid entries.
- The last part shows a summary of the log configuration.
NOTE: Sometimes some log fields, such as "http-status" in this example, are not available. In this case, you should check with the log provider to include these missing fields, if possible. Ideally, you should have a configuration of 100%.
In case the validation fails, check the logs under shnlp/logs/shnlpcli-debug.log. This is the log file from the CLI output that contains some additional information.