...
Broadcom Edge SWG (appliance or VMs) to provide businesses with better web security and enforcement of corporate and regulatory compliance. Your high-performance secure web gateway can be delivered on-premises on Symantec hardware and virtual appliances, or in private cloud infrastructure such as AWS, Azure or Google Cloud.
Device Information
Entity | Particulars |
|---|---|
Vendor Name | Broadcom (Previously known as Symantec and before that Bluecoat Respectively) |
Product Name | Edge Secure Web Gateway (Previously Known as ProxySG) |
Type of Device | Hosted |
Collection Method
Log Type | Ingestion label | Preferred Logging Protocol | Log Collection Method |
|---|---|---|---|
Blue Coat Proxy | BLUECOAT_WEBPROXY | Syslog (Via Logstash/NXlog) | CyberHub |
Port Requirements
Source | Destination | Port |
|---|---|---|
Blue Coat Proxy | CyberHub | 6514 (SECURE_TCP) |
Device Configuration
Prerequisites:
...
Download, Install and setup Logstash agent by referring to this link Installing Logstash | Logstash Reference [8.2] | Elastic. Logstash requires JAVA to be installed as a prerequisite. You must install JAVA 8 in the Central Log Aggregation Server to enable Logstash processing log files. For Windows environments, Logstash should be installed with Admin User.
Ensure that logstash service and logstash user have appropriate permissions for havingfull access on uploaded log files on Windows and Linux Log Aggregation Server respectively.
Steps to configure Logstash Agent
Navigate to Logstash configuration directory location,
In CentOS with default installation, please navigate to “/etc/logstash/conf.d/”.
In Windows, please navigate to the installed directory {Logstash_extract.path}/config where {Logstash_extract.path} is Logstash Directory created by unpacking the archive.
This could be any chosen custom path on which you extracted Logstash archive. Example value could be “C:/logstash-8.3.1/config“
Rename attached logstash.conf to "edgeswg.conf" and copy this in the Logstash Configuration directory. Here edgeswg.conf file should be copied either in conf.d or config directory for CentOS and Windows installation respectively. Kindly edit this file for log forwarding by following the steps provided in it and then Save it.
Start the logstash service.
| View file | ||
|---|---|---|
|
Configure NxLog Agent to forward logs to Cyberhub
Download and Install NXLog agent from location Download (There are few dependencies that you need to install and then you can install NXLog on machine. Refer NXLog documentation collections | NXLog Docs )
Ensure that nxlog service and nxlog user have appropriate permissions for havingfull access on uploaded log files on Windows and Linux Log Aggregation Server respectively.
Configure NXLog Agent
Navigate to NXLog configuration directory location.
In CentOS with default installation, please navigate to “/etc/nxlog/” directory.
In Windows with default installation, please navigate to “C:\Program Files\nxlog\conf” folder.
For CentOS installation, rename attached nxlog_linux.conf to "nxlog.conf" and copy into this /etc/nxlog directory. For Windows installation, rename attached nxlog_windows.conf to "nxlog.conf" and copy into this C:\Program Files\nxlog\conf directory. Kindly edit this file for log forwarding by following the steps provided in it and then Save it.
Start the nxlog service.
| View file | ||
|---|---|---|
|
| View file | ||
|---|---|---|
|
Integration Parameters
Parameters required from customer for Integration.
Property | Default Value | Description |
|---|---|---|
IP Address | Edge Secure Web Gateway interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub |