
Blue Coat

BlueCoat enables you to monitor and identify threats, blocked websites, website page views, and malicious activities in your organization using data from BlueCoat. The integration normalizes BlueCoat events and enables you to analyze the data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.

For Logpoint version: 7.4.0 or later, 6.7.0 or later, 6.0.0 to 6.6.6
Release Details
Version: 5.1.0
Release date: May 7, 2024
Supported On: Logpoint v7.4.0 or later for log source template
SHA 256: 5cafb448a163d3ffd0a359f3a8e1856a50a6684aabc4759558a30ae0cd600a49
Download

Package Details

The application consists of the following components:

  1. Dashboard Package
    • LP_BlueCoat SG
  2. Normalization Package
    • LP_BlueCoat ProxySG 
    • LP_BlueCoat Audit
  3. Compiled Normalizer
    • BlueCoatnFMAINNormalizer

Enhancement

Description: Added Syslog Collector based BlueCoat log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template.
Issue ID: KB-22631
Reference ID: -

Installation 

Follow these steps to install the BlueCoat v5.0.1 application:

  1. Download the BlueCoat package from the Download section above.
  2. Add the BlueCoat server as the required device in LogPoint.
  3. Create a log collection policy with the Syslog collector and appropriate processing policy. 
  4. Assign the policy to the device.
  5. Add the dashboard.


Supported Log Formats

  1. Format: bcreportermain_v1
    The fields in HTTP main logs:
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation
  2. Format: bcreportermain_plus
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation s-supplier-ip
  3. Format: bcreporterssl_v1
    The fields in HTTPS main logs:
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-cipher-strength x-rs-certificate-hostname x-rs-certificate-hostname-category
  4. Format: bcreporterssl_plus
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-cipher-strength x-rs-certificate-hostname x-rs-certificate-hostname-category s-supplier-ip
  5. Format: Customized log format
    date time time-taken c-ip cs-username cs-auth-group s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation cs-threat-risk x-bluecoat-transaction-uuid x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata)
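
The following is an added example, not Logpoint's normalizer or code from the package. It parses raw access-log lines using the bcreportermain_v1 and bcreportermain_plus field orders listed above, choosing the layout by token count, and returns the requests whose sc-filter-result is DENIED. Assumptions: fields are space-delimited, values containing spaces are double-quoted, "-" marks an empty value, the line carries no syslog header, and the sample lines and the names parse_line and denied are constructed for illustration.

```python
import re

# Field order copied from the "Supported Log Formats" list on this page.
MAIN_V1 = (
    "date time time-taken c-ip cs-username cs-auth-group x-exception-id "
    "sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method "
    "rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path "
    "cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes "
    "x-virus-id x-bluecoat-application-name x-bluecoat-application-operation"
).split()
MAIN_PLUS = MAIN_V1 + ["s-supplier-ip"]
LAYOUTS = {len(MAIN_V1): MAIN_V1, len(MAIN_PLUS): MAIN_PLUS}

# A token is either a double-quoted string or a run of non-space characters.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_line(line):
    """Return a field dict, or None when the token count fits no known layout."""
    tokens = [m.group(1) if m.group(1) is not None else m.group(2)
              for m in TOKEN.finditer(line)]
    fields = LAYOUTS.get(len(tokens))
    if fields is None:
        return None  # truncated line or a format this example does not cover
    # Assumption: "-" is the placeholder for an empty value.
    return {k: (None if v == "-" else v) for k, v in zip(fields, tokens)}

def denied(lines):
    """Collect (client IP, host, categories) for requests the proxy denied."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["sc-filter-result"] == "DENIED":
            hits.append((rec["c-ip"], rec["cs-host"], rec["cs-categories"]))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '2024-05-07 10:15:02 34 192.0.2.10 alice "Domain Users" - OBSERVED "News/Media" http://example.com/ 200 TCP_NC_MISS GET text/html http example.com 80 /index.html - html "Mozilla/5.0 (X11; Linux x86_64)" 198.51.100.5 5120 412 - "none" "none"',
    '2024-05-07 10:15:09 2 192.0.2.11 - - policy_denied DENIED "Malicious Sources/Malnets" - 403 TCP_DENIED GET - http blocked.example.net 80 /download.bin ?id=1 bin "curl/8.0" 198.51.100.5 830 190 - "none" "none"',
    '2024-05-07 10:15:11 120 192.0.2.12 bob - - OBSERVED "Technology/Internet" - 200 TCP_MISS GET application/json http api.example.org 80 /v1/status - - "curl/8.0" 198.51.100.5 310 150 - "none" "none" 203.0.113.7',
    '2024-05-07 10:15:12 5 192.0.2.13',  # truncated in transit
]

if __name__ == "__main__":
    for hit in denied(SAMPLE):
        print(hit)
```

A line that returns None usually means the appliance is sending a format other than the one the parser expects, which is worth alerting on rather than dropping silently.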

Supported Version

The supported version of BlueCoat with LogPoint in this configuration is:

  • Access Logs for BlueCoat SG/BlueCoat SG Proxy - SGOS 6.5.2.1 

To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.

Release Details
Version: 5.0.1
Release date: 2020-05-14
Document date: 2020-05-14
SHA 256: 201358cbf470ca2c1e37e15d2f4ac5fda6c321ca32b38a648fbabf08d30717d3
Download

Package Details

The application consists of the following components:

  1. Dashboard Package
    • LP_BlueCoat SG
  2. Normalization Package
    • LP_BlueCoat ProxySG 
    • LP_BlueCoat Audit
  3. Compiled Normalizer
    • BlueCoatnFMAINNormalizer

Enhancement

The application’s normalizer received a minor update for better signature handling.

Installation 

Follow these steps to install the BlueCoat v5.0.1 application:

  1. Download the BlueCoat package from the Download section above.
  2. Add the BlueCoat server as the required device in LogPoint.
  3. Create a log collection policy with the Syslog collector and appropriate processing policy. 
  4. Assign the policy to the device.
  5. Add the dashboard.


Supported Log Formats

  1. Format: bcreportermain_v1
    The fields in HTTP main logs:
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation
  2. Format: bcreportermain_plus
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation s-supplier-ip
  3. Format: bcreporterssl_v1
    The fields in HTTPS main logs:
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-cipher-strength x-rs-certificate-hostname x-rs-certificate-hostname-category
  4. Format: bcreporterssl_plus
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-cipher-strength x-rs-certificate-hostname x-rs-certificate-hostname-category s-supplier-ip
  5. Format: Customized log format
    date time time-taken c-ip cs-username cs-auth-group s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation cs-threat-risk x-bluecoat-transaction-uuid x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata)

Supported Version

The supported version of BlueCoat with LogPoint in this configuration is:

  • Access Logs for BlueCoat SG/BlueCoat SG Proxy - SGOS 6.5.2.1 

To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.

Release Details
Version: 3.5.0
Release date: 2020-05-14
Document date: 2020-05-14
SHA 256: f80f0ffb593b48f3a99f8f597079b4d0c5ba4cc4e9caeecf3d2ef992849bf45c
Download


Package Details

The application consists of the following components:

  1. Dashboard Package
    • LP_BlueCoat SG
  2. Normalization Package
    • LP_BlueCoat ProxySG 
    • LP_BlueCoat Audit

Enhancement

The application’s normalizer received a minor update for better signature handling.

Installation 

Follow these steps to install the BlueCoat v3.5.0 application:

  1. Download the BlueCoat package from the Download section above.
  2. Add the BlueCoat server as the required device in LogPoint.
  3. Create a log collection policy with the Syslog collector and appropriate processing policy. 
  4. Assign the policy to the device.
  5. Add the dashboard.


Supported Log Formats

  1. Format: bcreportermain_v1
    The fields in HTTP main logs:
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation
  2. Format: bcreportermain_plus
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation s-supplier-ip
  3. Format: bcreporterssl_v1
    The fields in HTTPS main logs:
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-cipher-strength x-rs-certificate-hostname x-rs-certificate-hostname-category
  4. Format: bcreporterssl_plus
    date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-rs-certificate-observed-errors x-cs-ocsp-error x-rs-ocsp-error x-rs-connection-negotiated-cipher-strength x-rs-certificate-hostname x-rs-certificate-hostname-category s-supplier-ip
  5. Format: Customized log format
    date time time-taken c-ip cs-username cs-auth-group s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation cs-threat-risk x-bluecoat-transaction-uuid x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata)

Supported Version

The supported version of BlueCoat with LogPoint in this configuration is:

  • Access Logs for BlueCoat SG/BlueCoat SG Proxy - SGOS 6.5.2.1 

To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.

Support

If you have any queries or require assistance, create a support ticket.
