{"id":4454,"date":"2018-10-23T08:50:09","date_gmt":"2018-10-23T08:50:09","guid":{"rendered":"http:\/\/www.tsls.co.uk\/?p=4454"},"modified":"2024-04-22T08:56:53","modified_gmt":"2024-04-22T08:56:53","slug":"microsoft-cloud-app-security-cas-squid","status":"publish","type":"post","link":"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/","title":{"rendered":"Microsoft Cloud App Security (CAS) and Squid"},"content":{"rendered":"<p>These are the high-level steps to send Squid syslog output to Microsoft Cloud App Security using the CASCollector (an Ubuntu VM which runs on Azure, Hyper-V or AWS).<\/p>\n<h2>Install CAS Collector<\/h2>\n<p>Follow steps here: https:\/\/docs.microsoft.com\/en-gb\/cloud-app-security\/discovery-docker-ubuntu-azure<\/p>\n<p>Summary of the commands, which are run on the CASCollector Ubuntu server:<\/p>\n<p>sudo -i<\/p>\n<p>curl -o \/tmp\/MCASInstallDocker.sh https:\/\/adaprodconsole.blob.core.windows.net\/public-files\/MCASInstallDocker.sh &#038;&#038; chmod +x \/tmp\/MCASInstallDocker.sh; \/tmp\/MCASInstallDocker.sh<\/p>\n<p>(echo cb83b3f208347603e38ea2816c7503ec257159001225001c2b8efa6e06f49951) | docker run --name CASLogCollector -p 514:514\/udp -p 21:21 -p 20000-20099:20000-20099 -e &quot;PUBLICIP='10.10.10.12'&quot; -e &quot;PROXY=&quot; -e &quot;SYSLOG=true&quot; -e &quot;CONSOLE=cas.eu2.portal.cloudappsecurity.com&quot; -e &quot;COLLECTOR=CASLogCollector&quot; --security-opt apparmor:unconfined --cap-add=SYS_ADMIN --restart unless-stopped -a stdin -i microsoft\/caslogcollector starter<\/p>\n<p>sudo docker logs CASLogCollector<\/p>\n<p>Confirm it is running<\/p>\n<h2>Install IP Traffic monitor (to review incoming syslogs)<\/h2>\n<p>On the CASCollector Ubuntu server<br \/>\nsudo apt-get install iptraf<\/p>\n<h2>Set up Squid (note: Squid 2.7 at minimum is required for syslog support)<\/h2>\n<p>Open Squid.config and make sure the following 2 entries 
exist:<\/p>\n<p>access_log C:\/ClientSiteProxy\/var\/logs\/access.log squid<br \/>\naccess_log udp:\/\/172.18.1.150:514 squid<\/p>\n<p>Save the file and then restart the Squid service.<\/p>\n<p>The &#8220;squid&#8221; value at the end of each access_log line sets the log format to native. Out of the box, Microsoft CAS supports the Native and Common formats; customised formats can be created, but we are keeping this simple.<\/p>\n<p>Make sure the CAS data source is selected with the format Squid (Native).<\/p>\n<h2>Troubleshooting<\/h2>\n<p>Review &#8220;sudo iptraf&#8221; network traffic and confirm you can see the incoming UDP traffic on the log collector<br \/>\nReview the governance logs from the CAS portal (gear icon &gt; governance log)<br \/>\nInstall a separate syslog receiver test tool (confirm syslog traffic is appearing)<br \/>\nInstall a separate syslog transmitter test tool (confirm syslog UDP traffic is appearing)<\/p>\n<p>NB: this article relates to Squid 2.7 or above and Symantec Client Site Proxy (formerly known as MessageLabs).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The below are the high level steps to configure squid syslog to Microsoft Cloud App security using the CASCollector (an ubuntu vm which runs on Azure\\Hyper-V\\AWS) Install CAS Collector Follow steps here: https:\/\/docs.microsoft.com\/en-gb\/cloud-app-security\/discovery-docker-ubuntu-azure Summary 
of<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[21],"tags":[2784,2664,2654,2551],"class_list":["post-4454","post","type-post","status-publish","format-standard","hentry","category-microsoft","tag-cas","tag-cloud-app-security","tag-mcas","tag-microsoft"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.9.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\r\n<title>Microsoft Cloud App Security (CAS) and Squid - TSLS - Luke Smith<\/title>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_GB\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:title\" content=\"Microsoft Cloud App Security (CAS) and Squid - TSLS - Luke Smith\" \/>\r\n<meta property=\"og:description\" content=\"The below are the high level steps to configure squid syslog to Microsoft Cloud App security using the CASCollector (an ubuntu vm which runs on AzureHyper-VAWS) Install CAS Collector Follow steps here: https:\/\/docs.microsoft.com\/en-gb\/cloud-app-security\/discovery-docker-ubuntu-azure Summary of\" \/>\r\n<meta property=\"og:url\" content=\"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/\" \/>\r\n<meta property=\"og:site_name\" 
content=\"TSLS - Luke Smith\" \/>\r\n<meta property=\"article:published_time\" content=\"2018-10-23T08:50:09+00:00\" \/>\r\n<meta property=\"article:modified_time\" content=\"2024-04-22T08:56:53+00:00\" \/>\r\n<meta name=\"author\" content=\"Luke Smith\" \/>\r\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Luke Smith\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\r\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/\",\"url\":\"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/\",\"name\":\"Microsoft Cloud App Security (CAS) and Squid - TSLS - Luke Smith\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsls.co.uk\/#website\"},\"datePublished\":\"2018-10-23T08:50:09+00:00\",\"dateModified\":\"2024-04-22T08:56:53+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsls.co.uk\/#\/schema\/person\/e4d7dac4fe1b3f8df31f3857bb3ebda7\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsls.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Cloud App Security (CAS) and 
Squid\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsls.co.uk\/#website\",\"url\":\"https:\/\/www.tsls.co.uk\/\",\"name\":\"TSLS - Luke Smith\",\"description\":\"- Knowledge - Thoughts - Microsoft -\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsls.co.uk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsls.co.uk\/#\/schema\/person\/e4d7dac4fe1b3f8df31f3857bb3ebda7\",\"name\":\"Luke Smith\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.tsls.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/29abc50f07a4ebe68cb4f31981884f89b2157d7e4ed63b09631d40c0717faa94?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/29abc50f07a4ebe68cb4f31981884f89b2157d7e4ed63b09631d40c0717faa94?s=96&d=mm&r=g\",\"caption\":\"Luke Smith\"},\"description\":\"I\u2019ve been working with Microsoft Technologies for over 20 years, my main focus now being Microsoft Online Services. I manage the Cloud Services at ElysianIT Limited and as a P-SELLER at Microsoft. I have worked with many organisations from SMC to Enterprise. I\u2019ve been working with Microsoft Technologies since DOS 5.0, to date I have been working on Microsoft\u2019s latest cloud technology Windows Azure, Windows 10 Office 365 and Microsoft SharePoint\",\"sameAs\":[\"http:\/\/www.tsls.co.uk\"],\"url\":\"https:\/\/www.tsls.co.uk\/index.php\/author\/luke\/\"}]}<\/script>\r\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Microsoft Cloud App Security (CAS) and Squid - TSLS - Luke Smith","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/","og_locale":"en_GB","og_type":"article","og_title":"Microsoft Cloud App Security (CAS) and Squid - TSLS - Luke Smith","og_description":"The below are the high level steps to configure squid syslog to Microsoft Cloud App security using the CASCollector (an ubuntu vm which runs on AzureHyper-VAWS) Install CAS Collector Follow steps here: https:\/\/docs.microsoft.com\/en-gb\/cloud-app-security\/discovery-docker-ubuntu-azure Summary of","og_url":"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/","og_site_name":"TSLS - Luke Smith","article_published_time":"2018-10-23T08:50:09+00:00","article_modified_time":"2024-04-22T08:56:53+00:00","author":"Luke Smith","twitter_misc":{"Written by":"Luke Smith","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/","url":"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/","name":"Microsoft Cloud App Security (CAS) and Squid - TSLS - Luke 
Smith","isPartOf":{"@id":"https:\/\/www.tsls.co.uk\/#website"},"datePublished":"2018-10-23T08:50:09+00:00","dateModified":"2024-04-22T08:56:53+00:00","author":{"@id":"https:\/\/www.tsls.co.uk\/#\/schema\/person\/e4d7dac4fe1b3f8df31f3857bb3ebda7"},"breadcrumb":{"@id":"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsls.co.uk\/index.php\/2018\/10\/23\/microsoft-cloud-app-security-cas-squid\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsls.co.uk\/"},{"@type":"ListItem","position":2,"name":"Microsoft Cloud App Security (CAS) and Squid"}]},{"@type":"WebSite","@id":"https:\/\/www.tsls.co.uk\/#website","url":"https:\/\/www.tsls.co.uk\/","name":"TSLS - Luke Smith","description":"- Knowledge - Thoughts - Microsoft -","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsls.co.uk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.tsls.co.uk\/#\/schema\/person\/e4d7dac4fe1b3f8df31f3857bb3ebda7","name":"Luke Smith","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.tsls.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/29abc50f07a4ebe68cb4f31981884f89b2157d7e4ed63b09631d40c0717faa94?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/29abc50f07a4ebe68cb4f31981884f89b2157d7e4ed63b09631d40c0717faa94?s=96&d=mm&r=g","caption":"Luke Smith"},"description":"I\u2019ve been working with Microsoft Technologies for over 20 years, my main focus now being Microsoft Online Services. 
I manage the Cloud Services at ElysianIT Limited and as a P-SELLER at Microsoft. I have worked with many organisations from SMC to Enterprise. I\u2019ve been working with Microsoft Technologies since DOS 5.0, to date I have been working on Microsoft\u2019s latest cloud technology Windows Azure, Windows 10 Office 365 and Microsoft SharePoint","sameAs":["http:\/\/www.tsls.co.uk"],"url":"https:\/\/www.tsls.co.uk\/index.php\/author\/luke\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p2gf1k-19Q","_links":{"self":[{"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/4454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=4454"}],"version-history":[{"count":1,"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/4454\/revisions"}],"predecessor-version":[{"id":4464,"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/4454\/revisions\/4464"}],"wp:attachment":[{"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=4454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=4454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsls.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=4454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}