Channel: Symantec Connect - Products - Articles

How do I add the Policy ID (x-bluecoat-reference-id) Field to a 10.3.x Reporter Database?

Situation

By default, neither Reporter nor the ProxySG appliance reports on the Policy ID. The ProxySG appliance does not write the Policy ID to the standard access log, and because the default access log does not contain it, Reporter cannot do anything with the Policy ID unless its configuration is modified to do so.

Solution

To display the Policy ID in your Reporter reports, perform the following:

  1. Instruct the ProxySG appliance to log the Policy ID in its access logs.
  2. Modify Reporter to be able to use the x-bluecoat-reference-id field.

Instruct the ProxySG appliance to log the Policy ID in its access logs

To address Step 1, you must log into the ProxySG appliance Management Console (https://<proxysg>:8082/) and create a new access log format, which is the string of variables that instructs the ProxySG appliance how to format the details about each client connection that it records.

1. In the Management Console, select Configuration > Access Logging > Formats.

2. Click the Main format and click Edit/View.

3. Ensure that W3C Extended Log File Format is selected and paste this string over the default string in the field. The string is a copy of the Main format with some custom changes, such as localtime and r-ip, and it contains x-bluecoat-reference-id at the end, which is the Policy ID field:

localtime time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures rs(Content-Type) cs(Referer) cs(User-Agent) sc-filter-result cs-categories x-virus-id s-ip cs-threat-risk x-bluecoat-transaction-uuid x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata) r-ip x-bluecoat-reference-id

4. Click OK; click Apply.

5. Go to Configuration > Access Logging > Logs and select the General Settings tab.

6. Change the Main Log to Main Log Format by editing the Log Format.

7. Click Apply.

The ProxySG appliance is now configured to log the Policy ID at the end of each access log entry. Next, you must configure Reporter to interpret that data and insert it into the database for reporting.
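Before changing Reporter, it is worth confirming that uploaded access logs really carry the new field. The following is an added example, not part of the original article or of any Symantec tooling: it reads the #Fields: header of an ELFF log, checks that x-bluecoat-reference-id is listed, and tallies the Policy ID values. The sample log is constructed with a shortened field list, and the quoting of values that contain spaces ("..." or [...]) is an assumption.

```python
import re
from collections import Counter

POLICY_FIELD = "x-bluecoat-reference-id"  # field name taken from the article
# Assumption: values that contain spaces are wrapped in "..." or [...]
TOKEN = re.compile(r'"[^"]*"|\[[^\]]*\]|\S+')

# Constructed sample; the field list is shortened from the article's format string.
SAMPLE_LOG = '''#Software: SGOS (constructed sample)
#Fields: localtime c-ip sc-status s-action cs-host cs(User-Agent) r-ip x-bluecoat-reference-id
[01/Jan/2024:10:00:01 +0000] 10.0.0.5 200 TCP_NC_MISS example.com "Mozilla/5.0 (X11; Linux)" 192.0.2.10 allow-general
[01/Jan/2024:10:00:02 +0000] 10.0.0.6 403 TCP_DENIED blocked.example "curl/8.0" - block-social
[01/Jan/2024:10:00:03 +0000] 10.0.0.5 200 TCP_HIT example.com "Mozilla/5.0 (X11; Linux)" 192.0.2.10 -
[01/Jan/2024:10:00:04 +0000] 10.0.0.7 403 TCP_DENIED truncated-line
'''

def policy_id_report(log_text):
    """Return (field_logged, Counter of Policy ID values, malformed line numbers)."""
    fields, counts, malformed = None, Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the header can reappear, e.g. after a format change
            continue
        if not line.strip() or line.startswith("#"):
            continue  # blank line or another ELFF directive
        if fields is None or POLICY_FIELD not in fields:
            continue  # entry written under a format without the Policy ID
        tokens = TOKEN.findall(line)
        if len(tokens) != len(fields):
            malformed.append(lineno)  # column count differs from the header
            continue
        counts[tokens[fields.index(POLICY_FIELD)].strip('"')] += 1
    # field_logged reflects the most recent #Fields: header in the file
    logged = fields is not None and POLICY_FIELD in fields
    return logged, counts, malformed

if __name__ == "__main__":
    logged, counts, malformed = policy_id_report(SAMPLE_LOG)
    print("Policy ID field logged:", logged)
    for policy_id, hits in counts.most_common():
        print(f"{hits:6d}  {policy_id}")
    print("Malformed lines:", malformed)
```

Entries with "-" have no Policy ID value recorded; a log whose header lacks the field means the Main log is still using the old format.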

Modify Reporter to be able to use the x-bluecoat-reference-id field

In brief, the process is this:

  • Go to Reporter Administrator --> General Setting --> Custom Log Field.
  • Click on Custom Log Field; click New.
  • Enter the Log Field as x-bluecoat-reference-id.
  • Set Display Name and Display Name (Plural) as you want; in my case I have used Policy ID.
  • Select the Field Type --> String.
  • Click Save.
  • Go to Database Field and unload the database. After it has unloaded:
  • Click on Custom Log Field and select the created Custom Log Field.
  • Click Save.

Note: The Custom Log Field is tied to the database in which you add it. If that database is deleted, all custom fields related to it are removed from the reports, and with a new database you have to select the Custom Log Field again.

