Bluecoat Proxy
This Quick Start Guide provides log configuration details for Security Monitoring and Analytics (SMA) support of W3C and SQUID logs using FTP hosting (Linux/Windows).
Support Specifications:
Version: 6.5 and later
Configuration Prerequisites:
Prerequisite | Description | For additional details, see... |
---|---|---|
1. Access to Oracle Management Cloud | You must have an Oracle Cloud account containing an OMC instance with administrator privileges. | How Do I Access Oracle Management Cloud? in Managing and Monitoring Oracle Cloud |
2. The FTP Server configured with default settings | The FTP server is your log host (OMC entity), where log sources upload and store logs. | Deploy an FTP Server in Symantec's Reporter 10.x WebGuide |
3. Cloud agent(s) installed and Log Analytics licensing enabled | Have a Cloud Agent installed on the FTP server. This host will be discovered as an entity in OMC. | Install the Cloud Agent and Enable Oracle Log Analytics in Using Log Analytics; Environment Requirements in Installing and Managing Oracle Management Cloud Agents |
4. Security Monitoring and Analytics licensing enabled | Note that SMA Data Enrichment is disabled by default. | Enabling Automatic Log Analytics and Security Monitoring and Analytics Data Collection in Getting Started with Oracle Management Cloud |
Configuration Steps:
Procedure | Task requirements | For additional details, see... |
---|---|---|
STEP 1. - Configure the Blue Coat SG proxy to upload logs to your FTP server (OMC entity). | Ensure that your logs provide the field list and data format as indicated in the W3C Logs Format and SQUID Logs Format sections. | Upload Access Logs to FTP Server in Symantec's Reporter 10.x WebGuide |
STEP 2. - Add an Entity Association to support the new logs in OMC using Log Analytics. | Associate Bluecoat Proxy W3C Logs and/or Bluecoat Proxy SQUID Logs with your OMC entity (the FTP server where you installed the OMC agent). Ensure that the logs follow the corresponding formats listed below. Note: The log directory under File Name Pattern must align with the logs directory on your FTP server. | Security Device Sources; Associating Log Sources to Existing Entities in Using Oracle Log Analytics |
STEP 3. - Validate your log collection. | Confirm your setup was successful. | Validate Log Collections |
W3C Logs Format
Field list order and data format for Bluecoat Proxy W3C Logs
date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri cs-username s-hierarchy s-supplier-name rs(Content-Type) cs(User-Agent) sc-filter-result sc-filter-category x-virus-id s-ip s-sitename x-virus-details x-icap-error-code x-icap-error-details
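A pre-check you can run on the FTP host before validating collection in OMC, as an added example (not Oracle's or Symantec's code). It assumes the uploaded file carries the standard W3C `#Fields:` directive; `check_w3c_log` and the sample lines are constructed for illustration.

```python
import re

# Field order from the "W3C Logs Format" section of this page.
EXPECTED = ("date time time-taken c-ip sc-status s-action sc-bytes cs-bytes "
            "cs-method cs-uri cs-username s-hierarchy s-supplier-name "
            "rs(Content-Type) cs(User-Agent) sc-filter-result "
            "sc-filter-category x-virus-id s-ip s-sitename x-virus-details "
            "x-icap-error-code x-icap-error-details").split()

# A value is either a double-quoted string (may contain spaces) or a bare token.
TOKEN = re.compile(r'"[^"]*"|\S+')

def check_w3c_log(lines):
    """Return [(line_number, problem)] for a W3C access log; [] means it matches."""
    problems, header_seen = [], False
    for num, raw in enumerate(lines, start=1):
        line = raw.strip()
        if line.lower().startswith("#fields:"):
            header_seen = True
            fields = line.split(":", 1)[1].split()
            for pos, (got, want) in enumerate(zip(fields, EXPECTED), start=1):
                if got != want:
                    problems.append((num, f"field {pos} is {got}, expected {want}"))
                    break
            else:  # no mismatch in the shared prefix: check for missing/extra fields
                if len(fields) != len(EXPECTED):
                    problems.append((num, f"{len(fields)} fields, expected {len(EXPECTED)}"))
        elif line and not line.startswith("#"):
            count = len(TOKEN.findall(line))
            if count != len(EXPECTED):
                problems.append((num, f"{count} values, expected {len(EXPECTED)}"))
    if not header_seen:
        problems.append((0, "no #Fields directive found"))
    return problems

# Constructed sample (not real traffic): line 3 matches, line 4 lacks cs-username.
SAMPLE = [
    "#Version: 1.0",
    "#Fields: " + " ".join(EXPECTED),
    '2024-01-15 10:00:01 120 192.0.2.10 200 TCP_NC_MISS 1024 512 GET '
    'http://example.com/ - DIRECT example.com text/html "Mozilla/5.0 (X11; Linux)" '
    'OBSERVED "Technology/Internet" - 192.0.2.1 SG-HTTP-Service - - -',
    '2024-01-15 10:00:02 95 192.0.2.11 403 TCP_DENIED 300 410 GET '
    'http://example.net/ DIRECT example.net - "curl/8.0" '
    'DENIED "Uncategorized" - 192.0.2.1 SG-HTTP-Service - - -',
]

if __name__ == "__main__":
    print(check_w3c_log(SAMPLE))
```

A record with the wrong number of values usually means the proxy's log format was changed after the `#Fields:` line was written, or a value containing spaces was not quoted.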
SQUID Logs Format
Format for Bluecoat Proxy SQUID Logs
%g %e %a %w/%s %b %m %i %u %H/%d %c