
Configure inputs for the Splunk Add-on for Symantec Blue Coat ProxySG
On the node responsible for your data collection, configure the input type that matches your configurations in your Blue Coat ProxySG SGOS administration console.
Configure a file monitor input
- Open or create
$SPLUNK_HOME/etc/apps/Splunk_TA_bluecoat-proxysg/local/inputs.conf
. - Copy and paste the following stanza into the file:
[monitor://<log path>] source = file.bluecoat sourcetype = bluecoat:proxysg:access:file disabled = false
- Replace
<log path>
with the log path, file name, and extension that you configured when you set up your Log Facility in SGOS to send logs over FTP. - Save the file.
- If you are using forwarders, configure forwarding by defining tcp outputs and then enabling a receiver.
- Restart the Splunk platform. If you have a distributed deployment, restart your forwarders and indexers.
Configure a syslog input
- Open or create
$SPLUNK_HOME/etc/apps/Splunk_TA_bluecoat-proxysg/local/inputs.conf
. - If you are using TCP, copy and paste the following stanza into the file:
[tcp://514] source = tcp.bluecoat sourcetype = bluecoat:proxysg:access:syslog disabled = false
- If you are using UDP, copy and paste the following stanza into the file.
[udp://514] source = udp.bluecoat sourcetype = bluecoat:proxysg:access:syslog disabled = false
- If you configured a port number other than 514 when set up your Log Facility in SGOS to push logs continuously over syslog, change the port number in the stanza heading to match.
- Save the file.
- If you are using forwarders, configure forwarding by defining tcp outputs and then enabling a receiver.
- Restart the Splunk platform. If you have a distributed deployment, restart your forwarder and indexers.
Verify your input is working
If you have a distributed deployment, go to your search head. Perform the following search to check that the Splunk platform is indexing events from your Blue Coat ProxySG logs:
sourcetype=bluecoat:proxysg:access*
PREVIOUS Configure logging in your Blue Coat ProxySG appliance for the Splunk Add-on for Symantec Blue Coat ProxySG |
NEXT Configure logging for backward compatibility with Symantec Blue Coat ProxySG |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!