Lookups for the Splunk Add-on for Symantec Blue Coat ProxySG
The BlueCoat Proxy actions lookup defines the action and transport fields based on the vendor_action field. The file is located at: $SPLUNK_HOME/etc/apps/Splunk_TA_bluecoat-proxysg/lookups/bluecoat_proxy_actions.csv
| Vendor Action | Action | Transport |
|---|---|---|
| ACCELERATED | allowed | socks |
| ALLOWED | allowed | ftp |
| DENIED | blocked | unknown |
| FAILED | failed | unknown |
| LICENSE_EXPIRED | blocked | socks |
| TUNNELED | allowed | unknown |
| TCP_ | unknown | tcp |
| TCP_AUTH_HIT | allowed | tcp |
| TCP_AUTH_MISS | allowed | tcp |
| TCP_AUTH_REDIRECT | allowed | tcp |
| TCP_CLIENT_REFRESH | allowed | tcp |
| TCP_DENIED | blocked | tcp |
| TCP_ERR_MISS | failed | tcp |
| TCP_HIT | allowed | tcp |
| TCP_LOOP | blocked | tcp |
| TCP_MEM_HIT | allowed | tcp |
| TCP_MISS | allowed | tcp |
| TCP_NC_MISS | allowed | tcp |
| TCP_PARTIAL_MISS | allowed | tcp |
| TCP_POLICY_REDIRECT | allowed | tcp |
| TCP_REFRESH_HIT | allowed | tcp |
| TCP_REFRESH_MISS | allowed | tcp |
| TCP_RESCAN_HIT | allowed | tcp |
| TCP_SPLASHED | allowed | tcp |
| TCP_SWAPFAIL | failed | tcp |
| TCP_TUNNELED | allowed | tcp |
| UDP_ | unknown | udp |
| UDP_DENIED | blocked | udp |
| UDP_HIT | allowed | udp |
| UDP_INVALID | failed | udp |
| UDP_MISS | allowed | udp |
| UDP_MISS_NOFETCH | allowed | udp |
| UDP_OBJ | allowed | udp |
| NONE | unknown | |
| TCP_ACCELERATED | allowed | tcp |
| TCP_MISS_RST | allowed | tcp |
| TCP_NC_MISS_RST | allowed | tcp |
| TCP_WEBSOCKET | allowed | tcp |
| TCP_CLIENT_REFRESH_RST | blocked | tcp |
Last modified on 15 September, 2022
| Troubleshoot the Splunk Add-on for Symantec Blue Coat ProxySG | Sourcetypes for the Splunk Add-on for Symantec Blue Coat ProxySG |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!