Gayan Acclaimed Contributor.
Acclaimed Contributor.
625 views

Bluecoat message not pass to the fields

I have installed syslog connector for collect bluecoat logs. I added to the esm and I noticed all message list under name column . What is the reason it?

Mr
Labels (2)
0 Likes
14 Replies
Super Contributor.. ankitsynx Super Contributor..
Super Contributor..

Re: Bluecoat message not pass to the fields

Bluecoat syslog connector has parsing issues.
Install the Bluecoat File Multiserver File connector instead. You will get logs correctly parsed.

Ankit
0 Likes
Gayan Acclaimed Contributor.
Acclaimed Contributor.

Re: Bluecoat message not pass to the fields

Hi Ankit,

If I select Bluecoat File Multiserver File connector then does it matches all event fields without any configuration changes ?

Mr
0 Likes
Gayan Acclaimed Contributor.
Acclaimed Contributor.

Re: Bluecoat message not pass to the fields

0 Likes
Super Contributor.. ankitsynx Super Contributor..
Super Contributor..

Re: Bluecoat message not pass to the fields

yes, it is Blue Coat Proxy SG Multiple Server File connector.
Also this will match all the Fields correctly.

But you will have to configure proxy to forwards log files through FTP. Refer the configuration guide for setting it up.

Ankit
0 Likes
Gayan Acclaimed Contributor.
Acclaimed Contributor.

Re: Bluecoat message not pass to the fields

Untitled.png

this is my BC configuration. in such situation how do I configure my connector?

Mr
0 Likes
rhope Acclaimed Contributor.
Acclaimed Contributor.

Re: Bluecoat message not pass to the fields

Sent you a message off thread

0 Likes
ateeshbhat Trusted Contributor.
Trusted Contributor.

Re: Bluecoat message not pass to the fields

Greetings,

1. We have built a new VM(server) for FTP and tagged a folder on the server with BlueCoat Proxy for uploading the logs.

2.Got the SmartConnector installed on the FTP server. However, it seems not through.

Kindly suggest!

0 Likes
Gayan Acclaimed Contributor.
Acclaimed Contributor.

Re: Bluecoat message not pass to the fields

Does connector receive logs from bluecoat?

Mr
0 Likes
ateeshbhat Trusted Contributor.
Trusted Contributor.

Re: Bluecoat message not pass to the fields

Nope!

It does not and I have done the Baselining at the BlueCoat end as well as per the baseline docs.

Regards,

Ateesh

0 Likes
Trusted Contributor.. zulfi_rulz1 Trusted Contributor..
Trusted Contributor..

Re: Bluecoat message not pass to the fields

Hi Ateesh,

Is the log file being transferred from your BlueCoat SG appliance to your VM successfully? Did you try the "Test Upload" option on the BlueCoat appliance to upload the log files instantly?

Is there connectivity between your BC SG appliance and your FTP server? Ensure there's no FW blocking ports TCP 20,21.

BR,

Zulfi

0 Likes
ateeshbhat Trusted Contributor.
Trusted Contributor.

Re: Bluecoat message not pass to the fields

Thanks for responding, Zulfi,

1. Test upload does not work on main and ssl but for others, but can not see the logs on the FTP server.

2. Under Host tab, in the screenshot below - Have added the FTP server IP.

3. Path: Folder name only - no path as such as I want in the folder itself without creating a Sub-folder.

4. Built Firewall rule on the server to allow FTP traffic on port 20 and 21.

Kindly suggest

2.png1.png3.png

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.