So we've been trying to fix the bluecoat situation AND leverage the checkpoint so that I have the best of both worlds. Essentially we have a company that does intrusion detection monitoring. I compared a night when someone downloaded over 80 gig of content with a bluecoat reporter that showed 125 meg. Not only that, I have found that the logging doesn't even reflect correct data transfer quantities (not sure if previous technician did that somehow as well). We inherited a situation from the original technician in which nothing really useful gets logged.
in a world where we could get someone effective from bluecoat to actually explain to us how to get reporter to work correctly.
Why wouldn't you just use Authentication on the BlueCoat and their own free Reporting Client? You'd get more accurate and comprehensive information that way.
I agree. This sounds like what the Check Point Sales Engineer was meaning you could do, however the bluecoat doesn't forward the user id and user ip to the Check Point, it is merely that the Bluecoat doesn't proxy the users ip (which is the standard method) so that the Check Point sees the original IP and then uses Identity Logging to retrieve the username and machine name from the AD system. The Check Point document looks pretty good on how to configure Identity Logging. This way your firewall will see the client IP of the original request, not the Bluecoat IP, and your security policy on the Check Point will need to reflect this. At that point then the Firewall will see the PC's IP and the Identity Logging feature of Check Point can then query the AD server to get the Source User Name, and Source Machine Name field information.
This apparently forwards the original client IP to the destination rather than the Bluecoat's IP. I believe also that you use the Bluecoat in Transparent Mode, but I am sure that Bluecoat can fill you in on that. Look at the Send Client IP feature on the Bluecoat, which is I believe the feature that you need to do this. What you have described sounds like Identity Logging, however that is where the Management Server is querying the AD to map an IP address of the source IP in the log to an AD Username and AD Machine Name.