Solutions

How to encrypt access logs before uploading them to an external server

Solutions ID:    KB4734
Version:    3.0
Status:    Published
Published date:    10/28/2011
Updated:    11/29/2011
 

Problem Description

ProxySG appliances have a built-in mechanism to encrypt access logs before they are uploaded to an external server for log processing. Once encrypted, the logs are sent to the configured server. The logs must be decrypted prior to viewing or processing with Blue Coat Reporter or other tools.

Resolution

Please note: The following steps only apply to periodic uploads. If you have a direct connection to Blue Coat Reporter or are using a continual stream for your logs, the steps below will not work.

1. Generate a private and public key pair which will be saved and imported in your server of choice. The private key will be saved on the server only - it is not needed for the ProxySG steps below.
2. On your ProxySG Management Console, browse to the Configuration tab > SSL > External Certificates
3. Click on the Import button, and paste the public key (certificate) in the box. Click OK and Apply


4. Browse to Access Logging > Logs > Upload Client tab. In the Transmission Parameters section, select the certificate you imported in Step 3 here. Click Apply. 

 

NOTE1: The Bluecoat Reporter application has no capacity to de-crypt the acess logs, at this time.  You will need another application to de-crypt them before presenting them to the Bluecoat Reporter application for processing.  For details on how to setup acess logs so that Reporter can process them, see KB2983

NOTE2: For details on how to send the access logs over a secure connection, however, see KB2928


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question