Up
Previous Next

Sheriff CSMâ„¢

Blue Coat ProxySG

When you configure Symantec (formerly Blue Coat) ProxySG to send log data to Sheriff CSM, you can use the Blue Coat Proxy plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information
DeviceDetails
Vendor Symantec (formerly Blue Coat)
Device Type Proxy
Connection Type Syslog
Data Source Name bluecoat
Data Source ID 1642

Integrating ProxySG

Before you configure the ProxySG integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

Follow the KB article from Symantec, How do I write Access Log entries to a SYSLOG server?, to configure ProxySG to send log data to Sheriff CSM. From ProxySG's perspective, the Sheriff CSM Sensor acts as the syslog server. The TCP port number is 514.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

For troubleshooting, refer to the vendor documentation:

How do I enable Syslog on the ProxySG?

Symantec Technical Support
Topic revision: r7 - 28 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.