ProxySG & Advanced Secure Gateway

  • 1.  How do I include XFF header in the access logs sent to reporter?

    Posted Dec 13, 2018 08:28 PM

    Hi;

    I would like to add cs(X-Forwarded-For) to the logs sent to reporter. I have tried to amend the BCreporterV1 format and add this field to it, but this particular field is not showing when I view it under Statistics > Access Logs > start trial.

     

    Kindly

    Wasfi



  • 2.  RE: How do I include XFF header in the access logs sent to reporter?
    Best Answer

    Posted Dec 13, 2018 10:00 PM

    Hi Wasfi,

     

    By default the "main" log uses the format "bcreportermainv1", and this format is non-editable. If you have not done so already, try copying this format's fields and then create a new format with the extra field added. After this, go to Configuration > Access Logging > Logs > General Settings [Tab]. Select the log as "main" or the one you expect to have this detail added. Change the "Log Format:" to the newly created format. Start tailing this log.

     

    *If you are using a new custom log, make sure to add a policy to write to this new log file.

     



  • 3.  RE: How do I include XFF header in the access logs sent to reporter?

    Posted Dec 13, 2018 10:29 PM

    Also, to add: the requests hitting the proxy should have the X-Forwarded-For header present :)



  • 4.  RE: How do I include XFF header in the access logs sent to reporter?

    Posted Dec 14, 2018 02:18 AM

    It worked, Aravind, and showed up in the access logs under Statistics > Access Logs in the GUI. They are reaching the Splunk and LogRhythm servers but not showing up correctly on them. Is there a guide to show how to integrate these?

     

    Kindly

    Wasfi

     



  • 5.  RE: How do I include XFF header in the access logs sent to reporter?

    Posted Dec 14, 2018 02:27 AM

    Hi Wasfi,

     

    ProxySG formats and passes the access log as expected. We may have to involve the respective SIEM tool vendor to set it to show non-default fields. Even our Reporter doesn't have an option to show the X-Forwarded-For by default. I am not aware of the steps in Splunk.



  • 6.  RE: How do I include XFF header in the access logs sent to reporter?

    Posted Dec 14, 2018 02:40 AM

    Thank you Aravind.

     

    Actually, it is not even showing the default fields. I will send you a screenshot.

     

     

    Kindly

    Wasfi



  • 7.  RE: How do I include XFF header in the access logs sent to reporter?

    Posted Dec 14, 2018 03:16 AM

    I got it to work. I was using the BCReportermain client instead of the Custom upload client and BTW, it shows the value of the XFF header.

     

    Thank you for everything Aravind.

     

    Kindly

    Wasfi
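
An added example, not part of the thread and not vendor code: when a custom format adds cs(X-Forwarded-For), a downstream parser that maps values by the log's own `#Fields:` directive keeps working, while one that assumes fixed positions does not. It assumes the uploaded log is ELFF text carrying a `#Fields:` line; the field list and log lines below are constructed samples, and `parse_elff` and `xff_clients` are hypothetical helper names.

```python
import re

# Constructed sample: ELFF-style log from a custom format that appends
# cs(X-Forwarded-For). Field list and values are illustrative only.
SAMPLE_LOG = '''\
#Software: SGOS (constructed sample)
#Fields: date time c-ip sc-status cs-method cs-host cs(User-Agent) cs(X-Forwarded-For)
2018-12-14 02:18:01 10.0.0.5 200 GET example.com "Mozilla/5.0 (X11; Linux)" "203.0.113.7, 10.0.0.5"
2018-12-14 02:18:02 10.0.0.5 200 GET example.com "curl/7.61" -
2018-12-14 02:18:03 10.0.0.5 200 GET example.com
'''

# A value is either a double-quoted string (may contain spaces) or a bare token.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_elff(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith('#'):
            if line.lower().startswith('#fields:'):
                fields = line.split(':', 1)[1].split()  # format may change mid-file
            continue
        if fields is None:
            raise ValueError(f'line {lineno}: record before any #Fields directive')
        values = [m.group(1) if m.group(1) is not None else m.group(2)
                  for m in TOKEN.finditer(line)]
        if len(values) != len(fields):
            # Flag the mismatch instead of silently shifting columns.
            yield {'_line': lineno, '_error': f'{len(values)} values, {len(fields)} fields'}
            continue
        yield dict(zip(fields, values))

def xff_clients(record):
    """Return the addresses listed in cs(X-Forwarded-For), or [] if absent ('-')."""
    raw = record.get('cs(X-Forwarded-For)', '-')
    if raw in ('-', ''):
        return []
    # The header is supplied by the sender, so treat entries as claimed values.
    return [part.strip() for part in raw.split(',') if part.strip()]

if __name__ == '__main__':
    for rec in parse_elff(SAMPLE_LOG):
        print(rec.get('_error') or (rec['c-ip'], xff_clients(rec)))
```
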