Automatic uploads

As mentioned previously, one benefit of MCAS is the ability to automate the uploading of log files. You can use either a container or a virtual appliance (deprecated) as your deployment mode.

The container option runs a Docker image, with Ubuntu or RHEL as your OS, and can handle up to 50 GB per hour.

The virtual appliance option uses Hyper-V, but since this is a deprecated and less flexible method, I'll use the container option for the following steps.
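Because the container collector handles up to 50 GB per hour, it helps to measure your busiest hour of log output before relying on a single collector. The script below is an added example, not from the book or Microsoft's documentation. It assumes logs are written as files under a directory you pass in, that file modification time approximates when the data was written, and that 50 GB means decimal gigabytes.

```shell
#!/bin/sh
# Added example: compare peak hourly log volume with the 50 GB/hour
# capacity of the container log collector described above.
LIMIT_BYTES=50000000000   # assumption: 50 GB read as decimal gigabytes

# Reads "<mtime_epoch> <size_bytes>" lines on stdin, sums bytes per clock hour,
# and prints "<hour_start_epoch> <bytes> <percent_of_limit> <OK|OVER>"
# for the busiest hour. Returns non-zero when there is no usable input.
peak_hour() {
    awk -v limit="$LIMIT_BYTES" '
        NF >= 2 && $2 ~ /^[0-9]+$/ {
            h = int($1 / 3600) * 3600      # start of the hour bucket
            bytes[h] += $2
        }
        END {
            for (h in bytes) {
                # Highest volume wins; ties go to the earliest hour.
                if (peak == "" || bytes[h] > max ||
                    (bytes[h] == max && h + 0 < peak + 0)) {
                    peak = h; max = bytes[h]
                }
            }
            if (peak == "") { print "no-data"; exit 1 }
            printf "%.0f %.0f %.1f %s\n", peak, max, 100 * max / limit,
                   (max > limit ? "OVER" : "OK")
        }'
}

# Hypothetical helper: scan a log directory (GNU find, as on Ubuntu and RHEL).
scan_dir() {
    find "$1" -type f -printf '%T@ %s\n' | peak_hour
}

# Constructed sample: five files spread over three clock hours.
constructed_sample() {
    cat <<'EOF'
1699999260.5 20000000000
1700000100.0 15000000000
1700002900.0 30000000000
1700004000.2 25000000000
1700006500.0 1000000000
EOF
}

# Run against a real directory when one is given on the command line.
if [ "$#" -gt 0 ]; then scan_dir "$1"; fi
```

An `OVER` result means the busiest hour exceeds what one container collector handles.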

To begin setting up automatic uploading, we'll create a data source, and then a log collector in the CAS portal settings. It's recommended you create a data source for each network device to facilitate better monitoring and investigation. The following steps show how to create a data source and log collector:

  1. Go to the CAS portal (portal.cloudappsecurity.com), navigate to Settings, and click Log collectors:

  2. Select Add data source..., as shown in the following screenshot:

  3. Name the data source and configure it for your specific setup. Then, click on Add:

  4. Select Log collectors > Add log collector...:

  5. Your new data source will appear as an option. Configure the details for the machine you're using for collection and then save your work:

Next, you'll need to deploy your machine on site or in Azure. Depending on the OS, you'll follow varying steps, but they will generally all involve the following:

  1. Download and install Docker.
  2. Configure firewalls/proxies to export logs.
  3. Verify your Log collectors dashboard in CAS shows that it's connected.

Dive into specifics for each OS by selecting the appropriate article from the left-hand navigation bar at https://docs.microsoft.com/en-us/cloud-app-security/discovery-docker.