1. If you have not already done so, log in to the ProxySG management console.
2. Click the Configuration tab, and navigate to Access Logging > General.
3. Near the upper left corner of the Default Logging tab, make sure the Enable Access Logging
checkbox is marked, as shown below.
1. On the Configuration tab, navigate to Access Logging > Formats.
2. On the Log Format tab click New. The Create Format box opens as shown below:
3. Enter a name for the format, for example "Elastica_SpanVA_Format."
4. Mark the W3C Extended Log File Format (ELFF) string radio button.
5. In the ELFF string text box, enter the header fields that you want exported in the logs,
separated by spaces. Then click OK. The example above shows a sample set of header
fields.
Make sure to configure all mandatory fields as listed below. Click Test Format to check if all the fields are valid.
The following fields must be present in the logs uploaded to the Elastica Audit application.
● date and time OR timestamp OR gmttime
● c-ip OR cs-username
● cs-host OR cs-uri
● cs-bytes
● sc-bytes
● cs-uri-scheme OR cs-protocol
The following fields provide additional analytics if present.
● c-port
● s-action
● cs(Referer)
● cs(User-Agent) OR c-agent
● cs-uri-path
● r-ip OR s-supplier-ip (required for destinations support)
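The two field lists above can be checked mechanically before a format is committed. The following Python sketch is an added example, not part of the original procedure or of any Blue Coat or Elastica tooling; it accepts either the ELFF string typed into the Create Format box or a `#Fields:` header line from an existing log. It assumes that "date and time" means both fields together and that field names are matched case-insensitively.

```python
# Added example: field groups transcribed from the two lists above.
# Each group is a list of alternatives; each alternative is a tuple of fields
# that must all be present. Treating "date and time" as one alternative and
# matching names case-insensitively are assumptions of this sketch.
MANDATORY = [
    [("date", "time"), ("timestamp",), ("gmttime",)],
    [("c-ip",), ("cs-username",)],
    [("cs-host",), ("cs-uri",)],
    [("cs-bytes",)],
    [("sc-bytes",)],
    [("cs-uri-scheme",), ("cs-protocol",)],
]
OPTIONAL = [
    [("c-port",)],
    [("s-action",)],
    [("cs(Referer)",)],
    [("cs(User-Agent)",), ("c-agent",)],
    [("cs-uri-path",)],
    [("r-ip",), ("s-supplier-ip",)],
]

def parse_fields(text):
    """Return lowercased field names from an ELFF string or a '#Fields:' log header."""
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("#fields:"):
            return set(line[len("#fields:"):].lower().split())
    return set(text.lower().split())

def unmet(groups, present):
    """List the groups for which no alternative is fully present."""
    missing = []
    for group in groups:
        if not any(all(f.lower() in present for f in alt) for alt in group):
            missing.append(" OR ".join(" and ".join(alt) for alt in group))
    return missing

def check_format(text):
    """Report unmet mandatory and optional field groups for a format string."""
    present = parse_fields(text)
    return {"missing_mandatory": unmet(MANDATORY, present),
            "missing_optional": unmet(OPTIONAL, present)}

# Constructed sample inputs (not taken from a real appliance).
GOOD = ("date time c-ip cs-username cs-host cs-uri-path cs-bytes sc-bytes "
        "cs-uri-scheme s-action cs(User-Agent) r-ip")
BAD = "#Fields: date c-ip cs-host sc-bytes cs-uri-scheme"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_format(sample))
```

An empty `missing_mandatory` list means the format satisfies every required group; entries in `missing_optional` only indicate analytics that will be unavailable.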
1. On the Configuration tab, navigate to Access Logging > Logs.
2. On the Logs tab, click New as shown below.
3. On the Create Logs box, give the log a name such as "Elastica_SpanVA" and set the Log
Format to Elastica_SpanVA_Format as shown below. Add a unique description if desired.
4. Click OK to create the new log.
5. On the Management Console, click Apply to commit the new configuration.
1. On the Configuration > Access Logging > Logs tab, click the Upload Client tab.
2. From the Logs menu, choose the SpanVA access log created earlier.
3. For Client type, choose FTP Client and click Settings.
4. Configure the following settings as shown on the CloudSOC Datasource Details panel in
the section Create a CloudSOC datasource for the ProxySG:
● Host
● Path (Destination Directory)
● Username
● Password
Note: If the CloudSOC Datasource Details panel shows a path of the form
"/home/ds_xxxxxxxxxxxxxxxxxxxxxxxxx/datasources/yyyyyyyyyyyyyyyyyyyyyy," it's possible
to shorten it to just "datasources/yyyyyyyyyyyyyyyyyyyyyy" in order to stay within the
character limit of the ProxySG Path text box. Do not use a preceding "/" in the shortened
path. This applies to SCP as well as the FTP connections described in this procedure.
5. Leave the Filename box as-is.
6. Mark the Use secure connections checkbox if required for the ProxySG to send logs using
SSL. For this option, make sure that the appropriate certificates are configured on the SpanVA.
7. Click OK, then click Apply to commit the changes.
1. In Management Console, click the Upload Schedule tab.
2. From the Log menu, choose the access log configured in the step: Create an access log for
SpanVA.
3. Create an access schedule that meets the requirement. It's recommended to configure the
ProxySG to send logs to SpanVA on 30 minute intervals.
4. Click Apply.
1. In the ProxySG Management Console, navigate to Configuration (tab) > Policy > Visual
Policy Manager.
2. Click Launch.
3. In Visual Policy Manager, choose Policy > Add Web Access Layer.
4. Name the new layer "Elastica SpanVA" or similar.
5. In the one rule row for the new layer, right-click on Action and choose Set.
6. On the Set Action Object box, click New and then choose Modify Access Logging.
7. On the Add Access Logging Object box, click Enable logging to: and choose the entry for
Elastica SpanVA.
8. Click OK to close the Add Access Logging Object box.
9. Click OK to close the Set Action Object box.
10. In Visual Policy Manager, click Install Policy to commit the changes to the device.
The access logs are now sent in the newly created format on the configured schedule.
HTTPS file transfer can also be configured. For instructions, see the attached TechNote, Tech Note--Audit Support for Blue Coat ProxySG.