
Flat File - Blue Coat Proxy BCREPORTERMAIN Format

Blue Coat is a proxy that provides security and monitoring capabilities for web users. Blue Coat supports multiple log formats, including the BCREPORTERMAIN format.

Prerequisites

The agent's flat file collection mechanism reads a referenced file and uses state tracking to retain the last log read from that file. The following information is required for flat file collection to function properly and should be gathered before you configure collection:

    • The LogRhythm System Monitor to collect the audit data from the flat file.
    • The name of the flat file to be accessed by the agent.


Configure BCREPORTERMAIN for Data Collection

By default, the Blue Coat Proxy Appliance is not enabled for audit access.

To enable logging on a Blue Coat Proxy Appliance:

  1. Select Configuration, click Access Logging, click General, and then click Default Logging.
  2. Select Enable. Cancel the selection to disable access logging.
  3. Click Apply to commit the changes to the Blue Coat appliance.
  4. To configure logging, click Configuration, click Access Logging, click Logs, and then click Logs.
    A log source must be configured to BCREPORTERMAIN format to be usable for this log format. Other formats may be available using the ELFF format provided by Blue Coat.

After you configure the device, you must also configure LogRhythm according to the instructions provided on the overview page of this guide. Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.

The name of the log message source is Flat File - Blue Coat Proxy BCREPORTERMAIN Format. In addition, when configuring this log source:

  • For Log Message Processing Engine (MPE) Policy, select LogRhythm Default.
  • On the Flat File Settings tab, enter the following:
    • File Path. <path to log file, including the file name and extension>

    • Date Parsing Format. Select existing Blue Coat Proxy BCREPORTERMAIN: <yy>-<M>-<d> <h>:<m>:<s>

For information on Directory Collection, see the Add a Single Log Source topic in the NextGen SIEM Help. The file being collected must be viewable on the host with the agent using a standard file name path such as /var/log/logfile.txt or C:\logs\logfile.txt.
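Before pointing the agent at the file, it helps to confirm that every record in it starts with a timestamp the Date Parsing Format above can match. The following pre-flight check is an added example, not LogRhythm or Blue Coat code. It assumes that <yy> accepts a two- or four-digit year, that <M>, <d>, <h>, <m> and <s> accept values with or without a leading zero, and that lines starting with # are ELFF header directives; the sample lines are constructed.

```python
import re
import sys
from datetime import datetime

# Assumed reading of <yy>-<M>-<d> <h>:<m>:<s>: 2- or 4-digit year,
# other fields with or without a leading zero, followed by whitespace.
TS = re.compile(
    r"^(\d{2}|\d{4})-(\d{1,2})-(\d{1,2}) (\d{1,2}):(\d{1,2}):(\d{1,2})(?=\s|$)")

def parse_timestamp(line):
    """Return a datetime if the line starts with a valid timestamp, else None."""
    m = TS.match(line)
    if not m:
        return None
    year, month, day, hour, minute, second = (int(g) for g in m.groups())
    if len(m.group(1)) == 2:
        year += 2000  # assumption: two-digit years mean 20xx
    try:
        return datetime(year, month, day, hour, minute, second)
    except ValueError:  # out-of-range field, e.g. month 13
        return None

def preflight(lines):
    """Count record, header and blank lines; list 1-based numbers of bad lines."""
    report = {"records": 0, "headers": 0, "blank": 0, "bad": []}
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        if not line.strip():
            report["blank"] += 1
        elif line.startswith("#"):  # assumed ELFF directive, e.g. #Fields:
            report["headers"] += 1
        elif parse_timestamp(line):
            report["records"] += 1
        else:
            report["bad"].append(number)
    return report

# Constructed sample lines, not real proxy output.
SAMPLE = ["#Version: 1.0\n", "#Fields: date time time-taken c-ip\n",
          "2024-03-07 09:15:02 112 192.0.2.10\n", "24-3-7 9:15:03 87 192.0.2.11\n",
          "\n", "2024-13-07 09:15:04 90 192.0.2.12\n",
          "Mar  7 09:15:05 proxy01 syslog-style line\n"]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the flat file, as entered in File Path
        with open(sys.argv[1], errors="replace") as handle:
            print(preflight(handle))
    else:
        print(preflight(SAMPLE))
```

Run it as the account the agent runs under, so that a permissions problem on the file shows up here as an error. Any line numbers under "bad" point to records whose timestamp the format would not match, which usually means the log is not in BCREPORTERMAIN format.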
