Multiple events are getting as a single log while pulling the events from the CATO using the API

pranav

Hi Team,

We are using the cato-toolbox and using the cloud RIN, we are fetching the events from the CATO SASE.

https://github.com/catonetworks/cato-toolbox/tree/main/eventsfeed

With this help we are pulling the events from the CATO using the API and forwarding the events to the HUB Server over the specific port.

But when we are pulling it was giving multiple events as a single log.

As per our SIEM vendor, they cannot split the event log. So can you please let us know if this can be fixed from your side?

peter

Hello Pranav,

Although the API returns events in delimited JSON, the example script outputs the events in "stacked JSON" format, which some SIEM platforms find easier to interpret. If your SIEM instead requires strict JSON then you have several options:

• Modify the example script to do this.
• Use a different tool, such as the catocli https://github.com/catonetworks/cato-cli
• Engage Cato PS to create a custom script specific for your use case.