1 Reply Latest reply on Feb 28, 2013 7:59 AM by Chris Boldiston

    Bluecoat Reporter - Bandwidth Usage Reports

    haroot

      Hi,

       

          We have a requirement to integrate Bluecoat Reporter with Mcafee SIEM.We have created the ASP parser for the traffic logs and we are able to successfully parse the events except certain fields which we are not able to map.

       

       

      In this scenario the customer is expecting the following reports to start with:

       

      1:Top 20 Users by  bandwidth Usage

       

      2: Top ten sites by Total Bytes

       

      3: Bandwidth Usage per day

       

       

      Now the catch with Bluecoat logs is that the bytes field is boken into sc-bytes and cs-bytes.The sum of these two fields will give us the total bandwidth.Sample attached in screenshot 1.Bluecoat.jpg

       

       

      My challenge here is :

       

       

      1: Can I create custom fields for sc-bytes & cs- bytes

      2: How to define SUM of sc-bytes & cs-bytes to calculate the TOTAL BYTES

      3: How to define the TOTAL BYTES FIELD.

       

       

      Please advise.

       

       

      If required I can share the ASP Parser that i had created.

       

       

      Haroot