ProxySG & Advanced Secure Gateway

  • 1.  Sending Proxy Access Logs to Azure Sentinel

    Posted May 14, 2025 10:46 AM

    Hello,

    We have a requirement to forward the Symantec Proxy access logs to Microsoft Sentinel, and Sentinel supports the CEF log format. In the proxy we have support only for the ELFF format, so I would like to know if anyone has forwarded the proxy logs to Sentinel in CEF format. Please help.

    Thanks and Regards

    Shabeeb



  • 2.  RE: Sending Proxy Access Logs to Azure Sentinel

    Broadcom Employee
    Posted May 19, 2025 05:41 AM

    Hi Shabeeb,

    You can modify the format on the proxy to whatever you want on the remote end. So just customise it to fit your need. Example:

    Server wants log to look like this: "user=var, client_IP=var"

    Modify the proxy format to look like this: "user=$(cs-username), client_IP=$(c-ip)"

    Give me an example of logs from Sentinel and I can respond with the format to configure on the proxy.

    Hope that helps.

    -Jan
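
    A worked illustration of the approach Jan describes, added here as an example and not code from any post or from Broadcom: it builds a CEF-shaped custom access-log format from ELFF substitution variables such as $(cs-username) and $(c-ip), renders one constructed record the way a CEF-compliant line should look, and parses it back as a check. The ELFF-to-CEF key mapping, the CEF header values (vendor, product, version, signature, name, severity) and the sample record are assumptions.

```python
import re

# Constructed mapping: ProxySG ELFF variable -> CEF extension key (assumed;
# adjust the right-hand side to the keys your Sentinel workspace expects).
ELFF_TO_CEF = [
    ("c-ip", "src"), ("cs-username", "suser"), ("cs-host", "dhost"),
    ("cs-method", "requestMethod"), ("cs-uri", "request"), ("s-action", "act"),
    ("sc-status", "cs1"), ("sc-bytes", "out"), ("cs-bytes", "in"),
]

# CEF header: Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|
# All values after "CEF:0" are assumed placeholders.
CEF_HEADER = "CEF:0|Symantec|ProxySG|1.0|proxy-access|Proxy access log|3|"
CEF_PREFIX = CEF_HEADER + "cs1Label=sc-status "   # labels the custom string cs1

def proxysg_format_string():
    """The custom access-log format to configure on the proxy: a fixed CEF
    header followed by key=$(elff-variable) pairs, as in Jan's example."""
    return CEF_PREFIX + " ".join(f"{cef}=$({elff})" for elff, cef in ELFF_TO_CEF)

def cef_escape(value):
    """CEF extension values must escape backslash, '=' and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))

def render_cef(record):
    """Render one ELFF record (dict keyed by ELFF variable) as a compliant CEF
    line, i.e. what Sentinel should receive for that access-log entry."""
    return CEF_PREFIX + " ".join(
        f"{cef}={cef_escape(record[elff])}" for elff, cef in ELFF_TO_CEF)

def parse_cef(line):
    """Split a CEF line into (7 header fields, extension dict), undoing the
    escaping; a captured proxy line that fails here will not parse in Sentinel."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)   # 7 unescaped pipes
    ext = {}
    for key, val in re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", parts[7]):
        ext[key] = re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}
                          .get(m.group(1), m.group(1)), val)
    return parts[:7], ext

SAMPLE = {  # constructed access-log record; note the '=' inside cs-uri
    "c-ip": "10.0.0.5", "cs-username": "jdoe", "cs-host": "example.com",
    "cs-method": "GET", "cs-uri": "/search?q=a=b", "s-action": "TCP_NC_MISS",
    "sc-status": 200, "sc-bytes": 1234, "cs-bytes": 456,
}

if __name__ == "__main__":
    print(proxysg_format_string())
    print(render_cef(SAMPLE))
    print(parse_cef(render_cef(SAMPLE)))
```

    The format string itself performs no escaping, so compare a line captured from the proxy against render_cef() and run it through parse_cef() to see whether fields like cs-uri that contain '=' or '\' survive intact before relying on them in Sentinel queries.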




  • 3.  RE: Sending Proxy Access Logs to Azure Sentinel

    Posted May 19, 2025 05:49 AM
    Dear Jan,

    Thanks a lot for your help. I have requested the sample CEF log. In the meantime, if you have any document that maps the ELFF variables to CEF, kindly share it with me.

    Regards

    Shabeeb Kunhipocker

    Senior Security Architect







  • 4.  RE: Sending Proxy Access Logs to Azure Sentinel

    Posted May 20, 2025 12:50 AM

    Hi,

    ask the Broadcom support for this PDF: 




  • 5.  RE: Sending Proxy Access Logs to Azure Sentinel

    Posted May 21, 2025 03:37 AM

    Hi Shabeeb

    Unfortunately, I have no experience with sending logs to Sentinel, but I would like to advise you to look at the IBM documentation for setting up ProxySG with QRadar:

    https://www.ibm.com/docs/pt/qsip/7.4?topic=coat-blue-sg#c_dsm_guide_bluecoat_intro
    I think that using their example you will be able to solve your problem.

    B.R

    Dima