Blue Coat SG sample event messages

Use these sample event messages to verify a successful integration with IBM® QRadar®.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Blue Coat SG sample message when you use the Syslog protocol

The following sample event message shows that access was denied by a filter.

2016-11-07 13:13:54 44 407 TCP_DENIED 2251 492 GET http 80 /complete/search ?hl=de-DE&q=t&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8 - - - - - "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" DENIED "Search Engines/Portals" -

Table 1. Highlighted values in the Blue Coat SG event

| QRadar field name | Highlighted values in the event payload |
| --- | --- |
| Event Category | For this DSM, the value in QRadar is always WebProxy |
| Source IP | |
| Destination IP | |
| Destination port | 80 |
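
The following added example, which is not part of the IBM documentation or of any Blue Coat or QRadar code, parses the sample event above after removing the carriage return and line feed characters mentioned in the Important note, and checks the values a working integration should surface. The field labels and the 21-token layout are assumptions read from this one sample, not an official schema.

```python
import shlex

# The page's sample event, constructed here with a CR/LF inserted mid-message
# to imitate the wrapped paste that the Important note warns about.
SAMPLE = (
    "2016-11-07 13:13:54 44 407 TCP_DENIED 2251 492 GET http 80 /complete/search "
    "?hl=de-DE&q=t&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8 - - - - - \r\n"
    '"Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" DENIED '
    '"Search Engines/Portals" -'
)

# Assumption: labels for token positions as they appear in this one sample.
# They are this example's names, not an official Blue Coat or QRadar schema.
POSITIONS = {"date": 0, "time": 1, "action": 4, "method": 7, "scheme": 8,
             "dst_port": 9, "path": 10, "user_agent": 17,
             "filter_result": 18, "category": 19}
TOKEN_COUNT = 21  # number of fields in the page's sample


def parse_event(raw):
    """Strip CR/LF, split on whitespace honouring double quotes, map fields."""
    line = raw.replace("\r", "").replace("\n", "")
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True   # only whitespace separates tokens
    lex.quotes = '"'              # the sample quotes with double quotes only
    lex.escape = ""               # treat backslashes in URLs as literal
    lex.commenters = ""           # '#' in a URL must not start a comment
    tokens = list(lex)            # raises ValueError on an unclosed quote
    if len(tokens) != TOKEN_COUNT:
        raise ValueError(f"expected {TOKEN_COUNT} fields, got {len(tokens)}")
    event = {name: tokens[i] for name, i in POSITIONS.items()}
    if not event["dst_port"].isdigit():
        raise ValueError("destination port is not numeric")
    event["dst_port"] = int(event["dst_port"])
    event["event_category"] = "WebProxy"  # Table 1: constant for this DSM
    return event


def is_filter_denial(event):
    """True when the proxy action and the filter result both show a denial."""
    return event["action"] == "TCP_DENIED" and event["filter_result"] == "DENIED"


if __name__ == "__main__":
    print(parse_event(SAMPLE))
```

A truncated paste fails loudly with ValueError (wrong field count or an unclosed quote) instead of yielding a shifted, misleading field mapping.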