How does reporter identify a user's AD group?

Solutions ID:    KB4310
Version:    2.0
Status:    Published
Published date:    03/02/2011
Updated:    03/03/2011

Problem Description

I am trying to create individual reports for managers to view a users internet access, based on AD groups.
Currently I can only see the groups that are affected by rules within the Bluecoat  SG proxy.
Is there a way for reporter to search on AD groups that are not already in use on the Bluecoat proxy server?


The Bluecoat reporter software used the the cs-auth-group field on the access logs to identify who is in what group.  This field captures a single group that an authenticated user belongs to. The ProxySG will only log "groups of interest", which basically correspond to group names that are explicitly matched against in policy. If there is no policy trigger referring to a particular group name in policy, the ProxySG won't try to figure out if the user is a member of any group, thus prevcenting users from loging in.

If a user belongs to multiple groups, the group logged is determined by the Group Log Order configuration specified in VPM. If the Group Log Order is not specified, an arbitrary group is logged. The steps to set the ‘group log order’ on the ProxySG VPM are as below.

To create the group log order list:

1. Select Configuration > Set Group Log Order; the Set Group Log Order dialog appears.
2. Click Add; the Add Group Object dialog appears.
3. In the Group Name field, enter the name of a group. The group must be already configured on the ProxySG.
4. From the Authentication Realm drop-down list, select a realm.
5. Click OK.
6. Repeat as required to add more groups.
7. To order the list, select a group and click Move Up or Move Down until you achieve the desired order.
8. Click OK.

Other Reporter LDAP articles of interest:

For details on how to setup Reporter to use LDAP as it's authentication realm, see KB3353

For details on what fields your main access log should contain, see FAQ282

For details on how to send your access logs to Reporter, see KB2983

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question