Forum Discussion

Joining the Conversation

2 months ago

Multiple events are getting as a single log while pulling the events from the CATO using the API

Hi Team, We are using the cato-toolbox and using the cloud RIN, we are fetching the events from the CATO SASE. https://github.com/catonetworks/cato-toolbox/tree/main/eventsfeed With this help we a...

peter

Cato Employee

2 months ago

Hello Pranav,

Although the API returns events in delimited JSON, the example script outputs the events in "stacked JSON" format, which some SIEM platforms find easier to interpret. If your SIEM instead requires strict JSON then you have several options:

Modify the example script to do this.
Use a different tool, such as the catocli https://github.com/catonetworks/cato-cli
Engage Cato PS to create a custom script specific for your use case.

pranav
Joining the Conversation
2 months ago
Hi Peter,
Our SIEM vendor does not require strict JSON. They have first used cato toolbox and had the same issue. Can you please confirm using catocli will solve the multiple events as a single log issue?
- peter
  Cato Employee
  2 months ago
  Hello Pranav,
  
  Without knowing in precise detail the capabilities of the SIEM it is difficult to confirm anything either way. catocli is definitely a good option to try.
  
  Regards,
  
  Peter

Forum Discussion

Multiple events are getting as a single log while pulling the events from the CATO using the API

Recent Discussions

DNS Forwarding When Overriding Account-Level DNS Settings

Block access to local/home network for Cato Client – force all traffic through Cato tunnel

DNS Forwarding off Private Access

SDP Users - IPV6

Degraded Sockets in High Availability