In the ProxySG appliance access logs, display the authentication type (BASIC, NTLM, etc) that a client used.
You want to log the authentication type used by a client to authenticate to the proxy. For example: BASIC or NTLM types.
There is a way to add a field to the access logs of the proxy that will indicate the authentication type (BASIC, NTLM, etc) used by the client. However, Blue Coat Reporter is not currently designed to recognize this field and ignores it. You must post-process the access log files to get the data you seek.
The access log field name is cs-auth-type.
To add this field to the access logs, complete the following steps in the ProxySG appliance Management Console:
1) Select Configuration > Access Logging > Formats.
2) Create a NEW format with a name of your choosing.
2) Select the W3C ELFF option.
3) Delete the entire default format string and paste in the following string:
Note: This is identical to the default bcreportermain_v1 format used for Reporter plus the cs-auth-type field added at the end.
4) Click OK; click Apply.
5) Select Configuration > Access Logging > Logs > General Settings.
6) From the Log: drop-down lopick the access log you're using and change the log format to use the new format you created. Accept the warning that displays.
The authentication type is now logged as the last field in the access log file, allowing you to get the data you need.
Rate this Page
Please take a moment to complete this form to help us better serve you.