Troubleshooting
Problem
When trying to select a Blue Coat Proxy SG Event Name to search or filter on, only 2 Event Names show up in the Event Browser window.
Symptom
To reproduce this issue use the following steps.
- From the Log Activity tab, create a New Search filter.
- Select Event Name as the Search Parameter.
- Click the Browse button to browse for an event.
- Select BlueCoat SW Appliance as the Log Source Type and click Search.
Result: Only 2 QIDs are listed.
Cause
Many BlueCoat events are the same as Squid Web Proxy events.
Instead of having duplicate QID's in the database the BlueCoat events are contained within the Squid Web Proxy QID Map.
Resolving The Problem
When searching for Event Name select Squid Web Proxy instead of BlueCoat SW Appliance to find all of the QID's.
Where do you find more information?
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Log Activity","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.1;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21668002