Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000035234 - Unable to Capture Bluecoat Proxy Logs Properly in RSA Security Analytics 10.5+

Document created by RSA Customer Support

on Jun 21, 2017

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000035234
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: SA Log Decoder RSA Version/Condition: 10.5+
Issue	The following gibberish errors are noticed in the /var/log/messages on the logdecoder appliance when trying to send SYSLOG events from BlueCoat ProxySG SGOS: May 25 04:25:48 NwLogDecoder[7733]: [SYSLOG] [warning] Unidentified content from xxx.xxx.xxx.xxx received on receiver: 'X??!Q??,???4T???%D?^?rO?_?????%??=jU?D??/????X_?h_?a???71???(??]'????????1??Y"???{d?b$P?3??????/h{0C'
Cause	This happens when BlueCoat ProxySG SGOS is sending SYSLOG events in GZIP format.
Resolution	Speak with BlueCoat admin and ask to log in to Blue Coat's admin page and change the parameter "Save the log file as:" to "text file" under "Upload Client" > "Transmission Parameters" as indicated below :
Notes	This has already been reported to DOC team and in process of amending the Integration Guide for Blue Coat ProxySG SGOS

Attachments

Outcomes

0 Comments

Recommended Content