Article Number | 000035234 |
Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: SA Log Decoder RSA Version/Condition: 10.5+ |
Issue | The following gibberish errors are noticed in the /var/log/messages on the logdecoder appliance when trying to send SYSLOG events from BlueCoat ProxySG SGOS:
May 25 04:25:48 NwLogDecoder[7733]: [SYSLOG] [warning] Unidentified content from xxx.xxx.xxx.xxx received on receiver: 'X??!Q??,???4T???%D?^?rO?_?????%??=jU?D??/????X_?h_?a???71???(??]'????????1??Y"???{d?b$P?3??????/h{0C'
|
Cause | This happens when BlueCoat ProxySG SGOS is sending SYSLOG events in GZIP format. |
Resolution | Speak with BlueCoat admin and ask to log in to Blue Coat's admin page and change the parameter "Save the log file as:" to "text file" under "Upload Client" > "Transmission Parameters" as indicated below :
 |
Notes | This has already been reported to DOC team and in process of amending the Integration Guide for Blue Coat ProxySG SGOS |