CSV and CEF files can be created by workflow processes. This function exports all such files that are on the appliance.
Note: CEF/CSV files created by workflow processes can also be written to syslog. When that happens, those files are not available to be exported by the means described here. Those files should be accessed from syslog via other means.
To Export CSV and CEF files:
Select Administration Console > CSV/CEF Export.
In the Host box, enter the IP address or DNS host name of the host to receive the files.
the Directory box, identify the directory in which the data is to be stored. How you specify this depends on whether the file transfer method used is FTP or SCP. If you are unsure which file transfer method has been configured, use the show transfer-method CLI command (described in the CLI Appendix).
For FTP: Specify the directory relative to the FTP account home directory.
For SCP: Specify the directory as an absolute path.
In the Username box, enter the user name to use for logging in to the host machine. This user must have write/execute permissions for the directory specified in the Directory box (above).
In the Password box, enter the password for the above user, and enter it again in the Re-enter Password box.
Click the Apply button to save the configuration. The system will attempt to verify the configuration by sending a test data file to that location. If the operation fails, it displays an error message. If the test file is transmitted successfully, the buttons in the Scheduling panel will become active.
Do one of the following:
To export the files right now, click the Run Once Now button.
To schedule the export operation, click the Modify Schedule button. See Scheduling in the Common Tools book if you need help using the generic task scheduler.
To verify that files have been exported, check the Aggregation/Archive Log report on the Guardium Monitor tab. There should be a Send activity for each CSV or CEF file exported.