How does reporter identify a user's AD group?
search cancel

How does reporter identify a user's AD group?


Article ID: 165931


Updated On:




Trying to create individual reports to view a users internet access, based on AD groups.
Currently I can only see the groups that are affected by rules within the Edge SWG (Bluecoat ProxySG).
Is there a way for reporter to search on AD groups that are not already in use on the Edge SWG (Bluecoat ProxySG)?


The Bluecoat reporter software used the the cs-auth-group field on the access logs to identify who is in what group.  This field captures a single group that an authenticated user belongs to. The Edge SWG (ProxySG) will only log "groups of interest", which basically correspond to group names that are explicitly matched against in policy. If there is no policy trigger referring to a particular group name in policy, the Edge SWG (ProxySG) won't try to figure out if the user is a member of any group, thus preventing users from logging in.

If a user belongs to multiple groups, the group logged is determined by the Group Log Order configuration specified in VPM. If the Group Log Order is not specified, an arbitrary group is logged. The steps to set the ‘group log order’ on the Edge SWG (ProxySG) VPM are as below.

To create the group log order list:

1. Select Configuration > Set Group Log Order; the Set Group Log Order dialog appears.
2. Click Add; the Add Group Object dialog appears.
3. In the Group Name field, enter the name of a group. The group must be already configured on the Edge SWG (ProxySG).
4. From the Authentication Realm drop-down list, select a realm.
5. Click OK.
6. Repeat as required to add more groups.
7. To order the list, select a group and click Move Up or Move Down until you achieve the desired order.
8. Click OK.

Other Reporter LDAP articles of interest:

For details on how to setup Reporter to use LDAP as it's authentication realm

For details on what fields your main access log should contain, see KB168187

For details on how to send your access logs to Reporter