ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How are ProxySG Configuration and Policy changes tracked or logged?


Article ID: 168510


Updated On:


ProxySG Software - SGOS


The ProxySG will record what changes are made to the configuration in the Event Log (https://<ProxyIP>:8082/Eventlog/fetch=0xfffffff). These lines will appear in the log in the following format:

"Config admin at 'admin', enabled early intercept for service 'Internal HTTP'" 0 140002:7D svc_config_logger.cpp:60
"Config admin at 'admin', enabled detect protocol for service 'Internal HTTP'" 0 140002:7D svc_config_logger.cpp:60
"Administrator action, user 'admin', from', Viewed event log" 0 60003:7D cag_agent.cpp:1467
"Config admin at 'admin', changed health check 'auth.test' from Enabled to: Disabled: Healthy" 0 140002:7D cli_parse.hpp:268

The specifics of what each policy change entails are not logged, however all policy install actions are logged with the time and by whom:

"Config admin at 'admin', installed new VPM Policy File and VPM XML File (with 1 warnings)." 0 140002:7D cli_parse.hpp

For accurate activity tracking, Blue Coat recommends that each administrator (or set of administrators) has a unique login. See this topic for steps to configure administrator accounts to use an IWA authentication realm.