How are ProxySG Configuration and Policy changes tracked or logged?

book

Article ID: 168510

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The ProxySG will record what changes are made to the configuration in the Event Log (https://<ProxyIP>:8082/Eventlog/fetch=0xfffffff). These lines will appear in the log in the following format:

"Config admin at 10.10.10.10 'admin', enabled early intercept for service 'Internal HTTP'" 0 140002:7D svc_config_logger.cpp:60
"Config admin at 10.10.10.10 'admin', enabled detect protocol for service 'Internal HTTP'" 0 140002:7D svc_config_logger.cpp:60
"Administrator action, user 'admin', from 10.10.10.10', Viewed event log" 0 60003:7D cag_agent.cpp:1467
"Config admin at 10.10.10.10 'admin', changed health check 'auth.test' from Enabled to: Disabled: Healthy" 0 140002:7D cli_parse.hpp:268


The specifics of what each policy change entails are not logged, however all policy install actions are logged with the time and by whom:

"Config admin at 10.10.10.10 'admin', installed new VPM Policy File and VPM XML File (with 1 warnings)." 0 140002:7D cli_parse.hpp

For accurate activity tracking, Blue Coat recommends that each administrator (or set of administrators) has a unique login. See this topic for steps to configure administrator accounts to use an IWA authentication realm.