Blue Coat Sg - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual

8 B
A STRM Blue Coat SG DSM accepts syslog events from a Blue Coat SG
Appliance. STRM records all relevant and available information from the event.
Before configuring a Blue Coat SG device in STRM, you must configure your
device to send syslog to STRM.
For more information regarding your Blue Coat SG Appliance, see your vendor
documentation.
To configure your Blue Coat SG device to send syslog to STRM:
Using a web browser, log in to the Blue Coat Management Console.
Step 1
From the menu, select Access Logging > General > Default > Default Logging.
Step 2
Make sure the Enable Access Logging check box is selected.
Step 3
Select the Protocol you wish to use for logging to STRM. Click Edit.
Step 4
From the Default Logging Policy option, select Streaming, which is used for
Step 5
streaming protocols.
Click Apply.
Step 6
From the menu, select Access Logging > Formats > Streaming.
Step 7
Click Edit.
Step 8
Make sure that the W3C Extended File Format (ELFF) string is enabled with the
Step 9
default:
c-ip date time c-dns cs-uri-scheme cs-host cs-uri-port
cs-uri-path cs-uri-query c-starttime x-duration c-rate c-status
c-playerid c-playerversion c-playerlanguage cs(User-Agent)
cs(Referer) c-hostexe
filelength filesize avgbandwidth protocol transport audiocodec
videocodec channelURL sc-bytes c-bytes s-pkts-sent
c-pkts-received c-pkts-lost-client c-pkts-lost-net
c-pkts-lost-cont-net c-resendreqs c-pkts-recovered-ECC
c-pkts-recovered-resent c-buffercount c-totalbuffertime
c-quality s-ip s-dns s-totalclients s-cpu-util x-cache-user
x-cache-info x-client-address
C
LUE OAT
Configuring DSMs Guide
SG
c-hostexever c-os c-osversion c-cpu