
proxy.bluecoat

The log events generated by Symantec ProxySG, formerly a Blue Coat Systems product, are assigned tags that start with proxy.bluecoat.

Since there is no facility for applying the Devo tag in the source system, the events should be forwarded to a Devo Relay. 

Tag structure

The full tag must have four levels. The first two are fixed as proxy.bluecoat. The third level identifies the technology type and must be proxysg. The fourth element is fixed and must be main.

| Technology | Brand | Type | Subtype |
|---|---|---|---|
| proxy | bluecoat | proxysg | bcreportermain_v1, leef, main |

For more information, read more about Devo tags.

Devo Relay rules

You need to define two relay rules as described below. It is important that the rules run in the specified order on the relay: Rule 1 must come before Rule 2.

Rule 1:  Drop all events received on the port that start with #

  • Source Port → 13005
  • Source Data → ^#.*
  • Check the Stop Processing and Drop Event checkboxes


Rule 2:  Tag all other events received on the port as proxy.bluecoat.proxysg.main.

  • Source Port → 13005
  • Target Tag → proxy.bluecoat.proxysg.main
  • Check the Sent without syslog tag checkbox
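The following added example (not Devo Relay code and not part of the original page) models the two rules so you can predict which lines are dropped and which are tagged before deploying them. It assumes a simplified first-match evaluation of ordered rules; the names Rule, route and summarize and the sample lines are hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    port: int                      # Source Port
    pattern: Optional[str] = None  # Source Data regex; None matches any event
    tag: Optional[str] = None      # Target Tag
    drop: bool = False             # Stop Processing + Drop Event

    def matches(self, port: int, line: str) -> bool:
        if port != self.port:
            return False
        return self.pattern is None or re.search(self.pattern, line) is not None

# The two rules from this page, in the required order.
RULES = [
    Rule("Rule 1", 13005, pattern=r"^#.*", drop=True),
    Rule("Rule 2", 13005, tag="proxy.bluecoat.proxysg.main"),
]

def route(port, line, rules=RULES):
    """Return the tag applied to the event, or None if dropped or unmatched.
    Assumption: the first matching rule decides the outcome."""
    for rule in rules:
        if rule.matches(port, line):
            return None if rule.drop else rule.tag
    return None

# Constructed sample input; the '#' lines stand in for log header/comment lines.
SAMPLE = [
    "#Software: SGOS (constructed)",
    "#Fields: date time c-ip cs-host cs-uri-path sc-status",
    "2024-01-01 10:00:00 192.0.2.10 example.com /index.html 200",
    "2024-01-01 10:00:01 192.0.2.11 example.com /a%23b#frag 404",
    " #indented line is not matched by the anchored pattern",
]

def summarize(lines, rules=RULES, port=13005):
    """Return (number of dropped lines, list of lines that were tagged)."""
    kept = [l for l in lines if route(port, l, rules) is not None]
    return len(lines) - len(kept), kept

if __name__ == "__main__":
    dropped, kept = summarize(SAMPLE)
    print(f"dropped={dropped} tagged={len(kept)}")
    # Under the first-match assumption, reversing the order tags every line.
    print(summarize(SAMPLE, RULES[::-1]))
```

Because `^#.*` is anchored, only lines whose first character is # are dropped; a # elsewhere in an event, such as in a URL, does not trigger Rule 1.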