
Lookups for the Splunk Add-on for Symantec Blue Coat ProxySG
The Blue Coat proxy actions lookup defines the action
and transport
fields based on the vendor_action
field.
- File location:
$SPLUNK_HOME/etc/apps/Splunk_TA_bluecoat-proxysg/lookups/bluecoat_proxy_actions.csv
- Lookup fields:
vendor_action,action,transport
- Lookup contents:
vendor_action,action,transport ACCELERATED,allowed,socks ALLOWED,allowed,ftp DENIED,blocked,unknown FAILED,blocked,unknown LICENSE_EXPIRED,blocked,socks TUNNELED,allowed,unknown TCP_,unknown,tcp TCP_AUTH_HIT,allowed,tcp TCP_AUTH_MISS,allowed,tcp TCP_AUTH_REDIRECT,allowed,tcp TCP_CLIENT_REFRESH,allowed,tcp TCP_DENIED,blocked,tcp TCP_ERR_MISS,blocked,tcp TCP_HIT,allowed,tcp TCP_LOOP,blocked,tcp TCP_MEM_HIT,allowed,tcp TCP_MISS,allowed,tcp TCP_NC_MISS,allowed,tcp TCP_PARTIAL_MISS,allowed,tcp TCP_POLICY_REDIRECT,allowed,tcp TCP_REFRESH_HIT,allowed,tcp TCP_REFRESH_MISS,allowed,tcp TCP_RESCAN_HIT,allowed,tcp TCP_SPLASHED,allowed,tcp TCP_SWAPFAIL,blocked,tcp TCP_TUNNELED,allowed,tcp UDP_,unknown,udp UDP_DENIED,blocked,udp UDP_HIT,allowed,udp UDP_INVALID,blocked,udp UDP_MISS,allowed,udp UDP_MISS_NOFETCH,allowed,udp UDP_OBJ,allowed,udp NONE,unknown TCP_ACCELERATED,allowed,tcp TCP_MISS_RST,allowed,tcp TCP_NC_MISS_RST,allowed,tcp TCP_WEBSOCKET,allowed,tcp
PREVIOUS Configure logging for backward compatibility with Symantec Blue Coat ProxySG |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Hi,
just a little update: I think "TCP_CLIENT_REFRESH_RST" is missing here ;)
Best regards!