
Log in to the Blue Coat Management Console.
Work with your Blue Coat ProxySG administrator to create a custom format for this type of data collection. If you have customized either the fields or the order of the fields in your log, use the file monitoring input as a best practice.

Configure logging in your Blue Coat ProxySG appliance in the Key-Value format

This format is only supported for Blue Coat ProxySG OS versions 5.3.3, 6.5.x, 6.6.3.2, and 6.6.4.2.
You can push the logs continuously to the Splunk platform using syslog and the bcreportermain_v1 format.
Configure logging in your Blue Coat ProxySG appliance for the Splunk Add-on for Symantec Blue Coat ProxySG

Work with your Blue Coat ProxySG administrator to determine how best to present the ProxySG logs to your Splunk platform instance for ingestion.

You can collect syslog data using a key-value format. This is the recommended format for use with syslog, because the default Blue Coat format is missing important information. The configurations for key-value logs are provided in this topic.

You can send batches of log files using FTP and configure your Splunk platform instance to monitor those files.