[rsyslog-notify] Forum Thread: Re: BlueCoat SG and Rsyslog - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Wed Dec 30 23:03:49 CET 2015


User: dlang 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26255#p26255

Message: 
----------
Asking for help processing the bluecoat logs, but then not giving us a
sample of them isn't likely to help much :-)

We can't help figure out a way to parse logs that we don't have samples of.

What options does bluecoat have to format its logs? Can it only write them
to a file? Or can it send them to a network socket? From your comments
about framing errors, it sounds like you are sending them to a network
socket.

I've used a lot of proxy software over the years, but never heard of
bluecoat before now, so your claim that they are 'the most popular proxy
solution' is questionable :-)

But seriously, it's the responsibility of the thing generating logs to
comply with some sort of standard. What do people do who want to get the
bluecoat logs into other tools (logstash for the ELK stack, etc.)? Or are
they like Snort, and assume that you are going to be using their tools and
only their tools?

