Blue Coat SG sample event messages

Use these sample event messages to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Blue Coat SG sample message when you use the Syslog protocol

The following sample event message shows that access was denied by a filter.

2016-11-07 13:13:54 44 172.28.51.1 407 TCP_DENIED 2251 492 GET http clients5.example.com 80 /complete/search ?hl=de-DE&q=t&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8 - - - - - "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" DENIED "Search Engines/Portals" - 192.168.165.34
Table 1. Highlighted values in the Blue Coat SG event

QRadar field name     Highlighted values in the event payload
Event ID              TCP_DENIED
Event Category        For this DSM, the value in QRadar is always WebProxy
Source IP             172.28.51.1
Destination IP        192.168.165.34
Destination port      80
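The following parser is an added example, not part of the IBM documentation or of QRadar's own DSM code. It tokenises the sample event above and applies the Table 1 mapping; the column names (c-ip, s-action, cs-uri-port, s-ip, and so on) are assumed from the Blue Coat SG default "main" access-log format and are not stated on this page.

```python
import shlex

# Column order assumed from the Blue Coat SG default "main" access-log format
# (an assumption for this example, not from the page); the sample has 24 tokens.
FIELDS = [
    "date", "time", "time-taken", "c-ip", "sc-status", "s-action",
    "sc-bytes", "cs-bytes", "cs-method", "cs-uri-scheme", "cs-host",
    "cs-uri-port", "cs-uri-path", "cs-uri-query", "cs-username",
    "cs-auth-group", "s-hierarchy", "s-supplier-name", "rs(Content-Type)",
    "cs(User-Agent)", "sc-filter-result", "cs-categories", "x-virus-id", "s-ip",
]

# Constructed copy of the page's sample event, kept on a single line.
SAMPLE = (
    '2016-11-07 13:13:54 44 172.28.51.1 407 TCP_DENIED 2251 492 GET http '
    'clients5.example.com 80 /complete/search '
    '?hl=de-DE&q=t&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8 '
    '- - - - - "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" '
    'DENIED "Search Engines/Portals" - 192.168.165.34'
)


def parse_bluecoat_line(line: str) -> dict:
    """Split one access-log line into named fields; '-' placeholders become None."""
    # Stray CR/LF characters (see the Important note above) would break the
    # column count, so neutralise them before tokenising. shlex keeps quoted
    # values such as the User-Agent and the category as single tokens.
    tokens = shlex.split(line.replace("\r", " ").replace("\n", " "))
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    return {name: (None if tok == "-" else tok) for name, tok in zip(FIELDS, tokens)}


def to_qradar_fields(event: dict) -> dict:
    """Apply the Table 1 mapping: s-action, constant category, c-ip, s-ip, cs-uri-port."""
    return {
        "Event ID": event["s-action"],
        "Event Category": "WebProxy",
        "Source IP": event["c-ip"],
        "Destination IP": event["s-ip"],
        "Destination port": int(event["cs-uri-port"]),
    }


if __name__ == "__main__":
    for name, value in to_qradar_fields(parse_bluecoat_line(SAMPLE)).items():
        print(f"{name}: {value}")
```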