SNS ProTip for SIEM: How to configure Bluecoat System Event Log

Version 1

    To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.

     

    Are you trying to set up a Bluecoat proxy device to your McAfee SIEM?  In order for it to work, you need to enable syslog monitoring on your Bluecoat proxy device and format the logs correctly.

     

    You can find the setting and steps to configure the Bluecoat proxy device in KB74845 - How to configure Bluecoat System Event Log.

     

    For more resources, visit the McAfee KnowledgeBase and search for SIEM-related KBs and visit the McAfee SIEM Community