...

| Log Type | Ingestion label | Preferred Logging Protocol - Format | Log Collection Method |
|---|---|---|---|
| Blue Coat Proxy | BLUECOAT_WEBPROXY | Syslog (Via Logstash/NXlog) | CyberHub |

Port Requirements

| Source | Destination | Port |
|---|---|---|
| Broadcom Edge Secure Web Gateway | CyberHub | 6514 (SECURE_TCP) |

To facilitate secure communication and align with our best practice, we strongly encourage the use of Transport Layer Security (TLS) between your security devices and our Adaptive MxDR platform for event forwarding.

While we understand that TLS support may not be available on all devices, if your devices do support TLS communication, we recommend utilizing port 6514 for seamless integration.

In some cases, an upgraded version of the device might add TLS support without prior notice. If you come across such a scenario, or need further assistance in configuring TLS, please reach out to your dedicated Adaptive MxDR Service Delivery Lead.
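A pre-flight check for the TLS recommendation above, as an added example that is not part of the original page or of the Adaptive MxDR tooling: run from the host that will forward the logs, it reports whether the CyberHub listener on port 6514 accepts TCP and completes a verified TLS 1.2+ handshake. The script name, the host argument and the optional CA bundle (for a privately issued certificate) are assumptions.

```python
"""Pre-flight check: does host:6514 accept TCP and complete a verified TLS handshake?"""
import socket
import ssl
import sys


def check_tls_listener(host, port=6514, cafile=None, timeout=5.0):
    """Report how far a connection to host:port gets (TCP, then TLS)."""
    result = {"tcp": False, "tls": False, "version": None,
              "cipher": None, "not_after": None, "error": None}
    # The default context verifies the certificate chain and the host name.
    # cafile (assumption): PEM bundle for a privately issued CyberHub certificate.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = f"tcp connect failed: {exc}"
        return result
    result["tcp"] = True
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            result.update(tls=True, version=tls.version(),
                          cipher=tls.cipher()[0],
                          not_after=tls.getpeercert().get("notAfter"))
    except (ssl.SSLError, OSError) as exc:
        # Listener is plain TCP, offers only old TLS, or the certificate did not verify.
        result["error"] = f"tls handshake failed: {exc}"
        raw.close()
    return result


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 check_cyberhub_tls.py <cyberhub-host> [ca-bundle.pem]
    if len(sys.argv) < 2:
        sys.exit("usage: check_cyberhub_tls.py <cyberhub-host> [ca-bundle.pem]")
    ca_bundle = sys.argv[2] if len(sys.argv) > 2 else None
    res = check_tls_listener(sys.argv[1], cafile=ca_bundle)
    for key, value in res.items():
        print(f"{key:10} {value}")
    sys.exit(0 if res["tls"] else 1)
```

A result with `tcp` true and `tls` false means the port is reachable but the forwarder would fail its handshake or fall back to cleartext, so resolve that before starting the Logstash or NXLog service.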

Device Configuration

Prerequisites:

...

c. In Log Settings, in the Log Name, type a name for the CyberHub.

d. In Log Format, select the log format created in Step 1.

e. In Description, type the description of the CyberHub.

f. In Log file limits, in The maximum size of each remote file is, type 200

...

c. Adaptive MxDR supports the protocol logs given in the following table and recommends that you map these protocols to the CyberHub log facility.

...

d. Click each of the above protocols and click Edit

...

  1. Download, install and set up the Logstash agent by referring to Installing Logstash | Logstash Reference [8.2] | Elastic. Logstash requires Java to be installed as a prerequisite. You must install Java 8 on the Central Log Aggregation Server to enable Logstash to process log files. In Windows environments, Logstash should be installed as an Admin user.

  2. Ensure that the logstash service and the logstash user have appropriate permissions for full access to the uploaded log files on the Windows and Linux Log Aggregation Server respectively.

  3. Steps to configure Logstash Agent

    1. Navigate to Logstash configuration directory location,

      1. In CentOS with default installation, navigate to "/etc/logstash/conf.d/".

      2. In Windows, navigate to the installed directory {Logstash_extract.path}/config, where {Logstash_extract.path} is the Logstash directory created by unpacking the archive.
        This can be any custom path to which you extracted the Logstash archive. An example value is "C:/logstash-8.3.1/config".

    2. Rename the attached logstash.conf to "edgeswg.conf" and copy it into the Logstash configuration directory: the conf.d directory for a CentOS installation, or the config directory for a Windows installation. Edit this file for log forwarding by following the steps provided in it, and then save it.

    3. Start the logstash service.

Attached file: Logstash (1).conf

  • Configure NXLog Agent to forward logs to CyberHub

  1. Download and install the NXLog agent from the Download location. There are a few dependencies that you need to install before you can install NXLog on the machine; refer to NXLog documentation collections | NXLog Docs.

  2. Ensure that the nxlog service and the nxlog user have appropriate permissions for full access to the uploaded log files on the Windows and Linux Log Aggregation Server respectively.

  3. Configure NXLog Agent

    1. Navigate to NXLog configuration directory location.

      1. In CentOS with default installation, navigate to the "/etc/nxlog/" directory.

      2. In Windows with default installation, navigate to the "C:\Program Files\nxlog\conf" folder.

    2. For a CentOS installation, rename the attached nxlog_linux.conf to "nxlog.conf" and copy it into the /etc/nxlog directory. For a Windows installation, rename the attached nxlog_windows.conf to "nxlog.conf" and copy it into the C:\Program Files\nxlog\conf directory. Edit this file for log forwarding by following the steps provided in it, and then save it.

    3. Start the nxlog service.

Attached files: nxlog_linux (1).conf, nxlog_windows (1).conf

Integration Parameters

...

| Property | Default Value | Description |
|---|---|---|
| IP Address | Broadcom Edge Secure Web Gateway interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub |

...