Blue Coat ProxySG
When you configure Symantec (formerly Blue Coat) ProxySG to send log data to Sheriff CSM, you can use the Blue Coat Proxy plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
Plugin Information Device | Details |
Vendor | Symantec (formerly Blue Coat) |
Device Type | Proxy |
Connection Type | Syslog |
Data Source Name | bluecoat |
Data Source ID | 1642 |
Integrating ProxySG
Before you configure the ProxySG integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).
Follow the KB article from Symantec,
How do I write Access Log entries to a SYSLOG server?, to configure ProxySG to send log data to Sheriff CSM. From ProxySG's perspective, the Sheriff CSM Sensor acts as the syslog server. The TCP port number is 514.
Plugin Enablement
For plugin enablement information, see
Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation:
How do I enable Syslog on the ProxySG?
Symantec Technical Support