Skip to main content
McAfee Enterprise MVISION Cloud

MVISION Cloud Connector Quality Check

The MVISION Cloud Connector Quality Check allows you to display and check the Custom Attributes you have already configured in the Cloud Connector web user interface to make sure that they are mapped correctly. 

The Quality Check requires Enterprise Connector 3.7.2 or later. 

To run the Quality Check:

IMPORTANT: The Cloud Connector Service and CLI cannot run at the same time. Stop the Cloud Connector Service before issuing the following CLI commands.

  1. Stop Cloud Connector Service.
  2. Run the cli command:
    • Linux: [root@localhost]# ./shnlpcli q --maxfiles 1
    • Windows: C:\shnlp> shnlpcli.exe q --maxfiles 1
Parameter Value Note
q - "q" stands for Quality Check. 
--maxfiles 1-99 How many files should be processed within the defined log folder(s) for Quality Check. The folders are defined in MVISION Cloud under Cloud Connector > Log Configuration. 

 

NOTE: You cannot specify a specific file name, unless you configure a file name in Log Configuration. The CLI will take one random file from the defined log configuration folder.

  1. If successful, the result is structured as follows:
    • Sample log lines are displayed including the log file name that has been processed:clipboard_e4c7845b6df87f056e0ec75ae02aee42a.png
    • The next part shows how many valid entries with corresponding log fields were found that are matched to CSPs only:
      clipboard_ea4be742ae624aff091ef4a390505034f.png


NOTE: Custom Attributes "Custom_[1-5]" are only show matches if they have been defined in parser configuration.

  • The next step shows how many log entries (right) have been matched against a specfific CSP-ID. For example: CSP_ID "2799" stands for "Microsoft Exchange Online". The IDs are part of the MVISION Cloud Registry.
    clipboard_e629845be6f57a299d1efceadf732af65.png
  • The next step shows some sample outputs of each log column the parser has matched against. This is helpful in case there are variations in the log fields, where the parser need to be adjusted.
    clipboard_e5cbfb8a0846d5891f6b0ab60c4ad7bdb.png
  • The next part shows invalidates in attributes, in case some fields of a logline are missing or could not be identified:clipboard_eb375931264c773126f1216614d548b06.png

NOTE: There will be always a view invalidates, as a perfect log does not exist which has all valid entries.

  • The last part shows a summary of the log configuration. clipboard_e908ef38d750ceccfad6f1b574fe938b5.png

NOTE: Sometimes some log fields, such as "http-status" in this example, are not available. In this case, you should check with the log provider to include these missing fields, if possible. Ideally, you should have a configuration of 100%.

In case the validation fails, check the logs under shnlp/logs/shnlpcli-debug.log. This is the log file from the CLI output that contains some additional information.

 

  • Was this article helpful?