In the ProxySG appliance access logs, display the authentication type (BASIC, NTLM, etc.) that a client used.

Solution

Overview

You want to log the authentication type (for example, BASIC or NTLM) that a client used to authenticate to the proxy.

Resolution

You can add a field to the proxy's access logs that records the authentication type (BASIC, NTLM, etc.) used by the client. However, Blue Coat Reporter is not currently designed to recognize this field and ignores it, so you must post-process the access log files to extract the data.

The access log field name is cs-auth-type.

To add this field to the access logs, complete the following steps in the ProxySG appliance Management Console:

1) Select Configuration > Access Logging > Formats.

2) Create a NEW format with a name of your choosing.

3) Select the W3C ELFF option.

4) Delete the entire default format string and paste in the following string:

date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id cs-auth-type

Note: This is identical to the default bcreportermain_v1 format used for Reporter plus the cs-auth-type field added at the end.

5) Click OK; click Apply.

6) Select Configuration > Access Logging > Logs > General Settings.

7) From the Log: drop-down list, pick the access log you're using and change the log format to use the new format you created. Accept the warning that displays.

The authentication type is now logged as the last field in the access log file, allowing you to get the data you need.
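One way to do the post-processing this article calls for, as an added example (not Blue Coat code): a Python script that reads the access log, maps each record to the field names above, and reports how many records and which usernames used each authentication type. It assumes the log is space-delimited ELFF with double-quoted values where a value contains spaces and "-" for empty fields; the function names and the sample records are constructed for illustration.

```python
import csv
from collections import Counter, defaultdict

# Format string from the article; used when a log has no "#Fields:" header.
DEFAULT_FIELDS = (
    "date time time-taken c-ip cs-username cs-auth-group x-exception-id "
    "sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method "
    "rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query "
    "cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id cs-auth-type"
).split()

def parse_elff(lines, fields=DEFAULT_FIELDS):
    """Yield one dict per access-log record, keyed by ELFF field name."""
    fields = list(fields)
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # header overrides default
            continue
        if not line or line.startswith("#"):
            continue  # other directives (#Software, #Date, ...) and blanks
        # Assumption: space-delimited, values with spaces are double-quoted.
        row = next(csv.reader([line], delimiter=" ", quotechar='"'))
        if len(row) == len(fields):  # skip truncated or malformed records
            yield dict(zip(fields, row))

def auth_summary(lines):
    """Return (record count per auth type, usernames seen per auth type)."""
    counts, users = Counter(), defaultdict(set)
    for rec in parse_elff(lines):
        auth = rec.get("cs-auth-type", "-").upper()  # "-" = field not logged
        counts[auth] += 1
        if rec.get("cs-username", "-") != "-":
            users[auth].add(rec["cs-username"])
    return counts, dict(users)

# Constructed sample records (documentation addresses, made-up users).
_ROW = ('2024-01-15 10:00:0{n} 12 192.0.2.{n} {user} - - OBSERVED "News" - 200 '
        'TCP_HIT GET text/html http example.com 80 / - - '
        '"Mozilla/5.0 (X11; Linux)" 198.51.100.1 1024 300 - {auth}')
SAMPLE = ["#Fields: " + " ".join(DEFAULT_FIELDS), "#Software: constructed"] + [
    _ROW.format(n=n, user=u, auth=a) for n, (u, a) in enumerate(
        [("alice", "NTLM"), ("bob", "BASIC"), ("alice", "NTLM"), ("-", "-")], 1)
] + ["2024-01-15 10:00:09 truncated-record"]

if __name__ == "__main__":
    counts, users = auth_summary(SAMPLE)
    for auth, n in counts.most_common():
        print(auth, n, sorted(users.get(auth, ())))
```

To run it against a real log, pass an open file object to `auth_summary()` in place of `SAMPLE`.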

 

 

InQuira Doc Id: KB4446