Problem working with BlueCoat and Firewall Analyzer

Support Team - Firewall Analyzer,

ManageEngine.

Hi, this is something that I have already done a couple of months back with your help, but doing it again, I am facing problems. I don't know why.

I am trying to integrate the proxy BlueCoat SG 5.x logs with the Firewall Analyzers.

The format used is ELFF, as suggested, but I am unable to integrate the logs for analysis.

Please find the sample file attached below to test in your environment, and let me know what the problems with this file are.


#Software: SGOS 5.5.2.1

#Version: 1.0

#Start-Date: 2011-12-14 01:00:00

#Date: 2011-10-29 08:39:55

#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) cs(Referer) cs(User-Agent) sc-filter-result cs-categories x-virus-id s-ip s-sitename

#Remark: 0909085023 "DCTSVP001" "111.212.111.221" "main"

2011-12-14 08:26:29 240062 10.2.214.137 200 TCP_TUNNELED 689 2764 CONNECT tcp toolbarqueries.google.com 443 / - lal - NONE 10.5.3.254 - - "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1" OBSERVED "Non-viewable" - 10.5.3.254

2011-12-14 08:26:39 1 10.2.214.27 407 TCP_DENIED 1205 812 GET http seclists.org 80 /openvas/2011/q2/384 - - - NONE - - http://seclists.org/openvas/2011/q2/383 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2" DENIED "Computers/Internet" - 10.5.3.254

2011-12-14 08:26:39 2 10.2.214.27 407 TCP_DENIED 1374 901 GET http seclists.org 80 /openvas/2011/q2/384 - - - NONE - - http://seclists.org/openvas/2011/q2/383 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2" DENIED "Computers/Internet" - 10.5.3.254

2011-12-14 08:26:40 28 10.2.214.27 407 TCP_DENIED 1205 722 GET http g.adspeed.net 80 /ad.php ?do=html&zid=14678&wd=728&ht=90&target=_top&tz=-1&ck=Y&jv=Y&scr=1280x1024x32&z=0.7293068815488368&ref=http%3A//seclists.org/openvas/2011/q2/383&uri=http%3A//seclists.org/openvas/2011/q2/384 - - NONE - - http://seclists.org/openvas/2011/q2/384 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2" DENIED "Web Advertisements" - 10.5.3.254

2011-12-14 08:26:40 39 10.2.214.27 407 TCP_DENIED 1374 811 GET http g.adspeed.net 80 /ad.php ?do=html&zid=14678&wd=728&ht=90&target=_top&tz=-1&ck=Y&jv=Y&scr=1280x1024x32&z=0.7293068815488368&ref=http%3A//seclists.org/openvas/2011/q2/383&uri=http%3A//seclists.org/openvas/2011/q2/384 - - NONE - - http://seclists.org/openvas/2011/q2/384 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2" DENIED "Web Advertisements" - 10.5.3.254



Thanks in advance.
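
Added example, not part of the original post and not ManageEngine or Blue Coat code: a pre-import check that compares every ELFF record with the `#Fields` directive above it, which is a useful first test when a collector will not accept a proxy log. The `#Fields` line is copied from the post; the two records are constructed (the first follows the post's first record with a shortened User-Agent, the second appends a placeholder `s-sitename` value), and `check_elff` is a hypothetical helper name.

```python
import re

# A value is either a double-quoted string (may contain spaces) or a run of non-space characters.
TOKEN = re.compile(r'"[^"]*"|\S+')

def check_elff(lines):
    """Validate ELFF records against the most recent #Fields directive.

    Returns (fields, records, problems): declared field names, one dict per
    well-formed record, and (line number, message) for each rejected line.
    """
    fields, records, problems = None, [], []
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                      # directive line
            name, _, value = line[1:].partition(":")
            if name.strip() == "Fields":
                fields = value.split()
            continue
        if fields is None:
            problems.append((lineno, "record before any #Fields directive"))
            continue
        values = TOKEN.findall(line)
        if len(values) != len(fields):                # columns would shift on import
            problems.append((lineno, f"{len(values)} values for {len(fields)} declared fields"))
            continue
        records.append({k: v.strip('"') for k, v in zip(fields, values)})
    return fields, records, problems

# #Fields line as given in the post.
FIELDS = ("#Fields: date time time-taken c-ip sc-status s-action sc-bytes cs-bytes "
          "cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query "
          "cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) "
          "cs(Referer) cs(User-Agent) sc-filter-result cs-categories x-virus-id s-ip s-sitename")
# Constructed record modelled on the post's first record (User-Agent shortened).
BASE = ('2011-12-14 08:26:29 240062 10.2.214.137 200 TCP_TUNNELED 689 2764 CONNECT tcp '
        'toolbarqueries.google.com 443 / - lal - NONE 10.5.3.254 - - '
        '"Mozilla/5.0 (shortened)" OBSERVED "Non-viewable" - 10.5.3.254')
# Second record is constructed: BASE plus a placeholder s-sitename value.
SAMPLE = [FIELDS, BASE, BASE + " SITE-PLACEHOLDER"]

if __name__ == "__main__":
    fields, records, problems = check_elff(SAMPLE)
    print(len(fields), "declared fields;", len(records), "record(s) accepted")
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```
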
