Splunk® Supported Add-ons

Splunk Add-on for Symantec Blue Coat ProxySG and ASG

Lookups for the Splunk Add-on for Symantec Blue Coat ProxySG

The Blue Coat proxy actions lookup defines the action and transport fields based on the vendor_action field.

  • File location: $SPLUNK_HOME/etc/apps/Splunk_TA_bluecoat-proxysg/lookups/bluecoat_proxy_actions.csv
  • Lookup fields: vendor_action,action,transport
  • Lookup contents:
    vendor_action,action,transport
    ACCELERATED,allowed,socks
    ALLOWED,allowed,ftp
    DENIED,blocked,unknown
    FAILED,blocked,unknown
    LICENSE_EXPIRED,blocked,socks
    TUNNELED,allowed,unknown
    TCP_,unknown,tcp
    TCP_AUTH_HIT,allowed,tcp
    TCP_AUTH_MISS,allowed,tcp
    TCP_AUTH_REDIRECT,allowed,tcp
    TCP_CLIENT_REFRESH,allowed,tcp
    TCP_DENIED,blocked,tcp
    TCP_ERR_MISS,blocked,tcp
    TCP_HIT,allowed,tcp
    TCP_LOOP,blocked,tcp
    TCP_MEM_HIT,allowed,tcp
    TCP_MISS,allowed,tcp
    TCP_NC_MISS,allowed,tcp
    TCP_PARTIAL_MISS,allowed,tcp
    TCP_POLICY_REDIRECT,allowed,tcp
    TCP_REFRESH_HIT,allowed,tcp
    TCP_REFRESH_MISS,allowed,tcp
    TCP_RESCAN_HIT,allowed,tcp
    TCP_SPLASHED,allowed,tcp
    TCP_SWAPFAIL,blocked,tcp
    TCP_TUNNELED,allowed,tcp
    UDP_,unknown,udp
    UDP_DENIED,blocked,udp
    UDP_HIT,allowed,udp
    UDP_INVALID,blocked,udp
    UDP_MISS,allowed,udp
    UDP_MISS_NOFETCH,allowed,udp
    UDP_OBJ,allowed,udp
    NONE,unknown
    TCP_ACCELERATED,allowed,tcp
    TCP_MISS_RST,allowed,tcp
    TCP_NC_MISS_RST,allowed,tcp
    TCP_WEBSOCKET,allowed,tcp
    
This documentation applies to the following versions of Splunk® Supported Add-ons: released


Comments

Hi,

just a little update: I think "TCP_CLIENT_REFRESH_RST" is missing here ;)

Best regards!

Jbrocks
August 21, 2019
