When you configure Symantec (formerly Blue Coat) ProxySG to send log data to USM Anywhere, you can use the Bluecoat W3C plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
|Vendor||Symantec (formerly Blue Coat)|
Before you configure the ProxySG integration, you must have the IP Address of the USM Anywhere Sensor.
Follow the KB article from Symantec, How do I write Access Log entries to a SYSLOG server?, to configure ProxySG to send log data to USM Anywhere. From ProxySG's perspective, the USM Anywhere Sensor acts as the syslog server. The TCP port number is
For plugin enablement information, see Manual Integration Management.
Available Plugin Fields
The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation: