Splunk® Supported Add-ons

Splunk Add-on for Symantec Blue Coat ProxySG and ASG

Configure logging for backward compatibility with Symantec Blue Coat ProxySG

These instructions are available for backward compatibility.

Work with your Blue Coat ProxySG administrator to determine how best to present the ProxySG logs to your Splunk platform instance for ingestion. You have two options:

  1. You can push the logs continuously to the Splunk platform using syslog.
  2. You can send batches of logs to a file using FTP and configure your Splunk platform instance to monitor that file.

If you are using the default log format, bcreportermain_v1, you can use either method.

If you have customized either the fields or the order of the fields in your log, using the file monitoring input is a best practice, because the syslog collection method does not work by default with these customizations.
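The following Python check is an added example, not part of the Splunk documentation or the add-on. It compares the #Fields: header of a ProxySG access log file (or a pasted one-line format string) against a baseline field list and reports whether fields were added, removed, or reordered. BASELINE, both samples, and x-custom-field are constructed placeholders; substitute the bcreportermain_v1 field list copied from your own device.

```python
# Constructed, shortened stand-in for the default format's field list.
# Replace it with the bcreportermain_v1 field list copied from your ProxySG.
BASELINE = "date time time-taken c-ip cs-username sc-status s-action cs-method cs-host"

# Constructed sample log headers (not captured from a real device).
DEFAULT_SAMPLE = (
    "#Version: 1.0\n"
    "#Fields: date time time-taken c-ip cs-username sc-status s-action cs-method cs-host\n"
    "2024-01-01 00:00:00 12 192.0.2.10 - 200 TCP_HIT GET example.com\n"
)
CUSTOM_SAMPLE = (
    "#Version: 1.0\n"
    "#Fields: date time c-ip time-taken cs-username sc-status s-action cs-method cs-host x-custom-field\n"
)

def fields_from(text):
    """Return field names from a '#Fields:' header line or a one-line format string."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for line in lines:
        if line.lower().startswith("#fields:"):
            return line.split(":", 1)[1].split()
    if len(lines) == 1 and not lines[0].startswith("#"):
        return lines[0].split()
    raise ValueError("no '#Fields:' header or format string found")

def compare_format(observed, baseline=BASELINE):
    """Report how the observed field list differs from the baseline."""
    want, got = fields_from(baseline), fields_from(observed)
    missing = [f for f in want if f not in got]
    extra = [f for f in got if f not in want]
    # Order check ignores added/removed fields and compares only shared ones.
    reordered = [f for f in got if f in want] != [f for f in want if f in got]
    customized = bool(missing or extra or reordered)
    return {
        "customized": customized,
        "missing": missing,
        "extra": extra,
        "reordered": reordered,
        # Per the guidance above: customized formats go through file monitoring.
        "collection": "file monitoring" if customized else "syslog or file monitoring",
    }

if __name__ == "__main__":
    for name, sample in (("default", DEFAULT_SAMPLE), ("custom", CUSTOM_SAMPLE)):
        print(name, compare_format(sample))
```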

Configure Blue Coat ProxySG to send batches of logs to a file

If you want to monitor your logs in batched files, work with your admin to create a Log Facility to send logs to a file where your Splunk platform instance can monitor them. Follow the Blue Coat ProxySG documentation that matches your device and version.

You need to complete the following actions:

  • Select FTP client as the upload client for the Log Facility.
  • Provide the IP address of the FTP server on which you have installed the Splunk node that is responsible for data collection.
  • Specify a path for the logs.
  • Set the log schedule to produce logs periodically rather than continuously.

Next, follow the instructions to Configure inputs for the Splunk Add-on for Symantec Blue Coat ProxySG.

Configure Blue Coat ProxySG to push logs via syslog

If you want to push your logs continuously to the Splunk platform using syslog, work with your Blue Coat ProxySG administrator to create a Log Facility to perform a syslog push. Follow the Blue Coat ProxySG documentation that matches your device and version.

You need to complete the following actions:

  • Select Custom client as the upload client for the Log Facility.
  • Provide the IP address of the Splunk node that is responsible for data collection.
  • Enter the port of the TCP input on your Splunk platform instance that you want to listen for this data.
  • Set the log schedule to produce logs continuously rather than periodically.
  • Specify that the log files are in text format rather than saved as gzip files.

Next, follow the instructions to Configure inputs for the Splunk Add-on for Symantec Blue Coat ProxySG.


This documentation applies to the following versions of Splunk® Supported Add-ons: released

