Blue Coat event formats supported by TIBCO LogLogic LMI


Article ID: KB0077513


Updated On:

Products: TIBCO LogLogic Log Management Intelligence
Versions: all versions

Description

LogLogic LMI can parse two Blue Coat event formats.

The first is the standard ELFF format:

date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-stem cs-username s-hierarchy s-supplier-name rs(Content-Type) cs(User-Agent) sc-filter-result sc-filter-category x-virus-id s-ip s-sitename

The second format is not the default ELFF format, but allows LogLogic to parse or normalize a number of additional fields:

bytes c-dns c-ip cached cs(Content-Type) cs(Referer) cs(User-Agent) cs(X-Forwarded-For) cs-auth-group cs-auth-groups cs-method cs-types cs-uri cs-uri-query cs-uri-stem current-time date r-dns r-ip r-port rs(Content-Type) s-dns s-ip s-port sc-bytes sc-status time time-taken x-action x-connect-time x-hiercode x-play-time x-product x-protocol x-sc-contentlength x-smartfilter-categories x-smartfilter-result x-status x-timestamp x-transaction x-username x-virus-details x-virus-id
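To check a proxy's log layout against the two lists above before forwarding it to LMI, the following added example (not TIBCO or Blue Coat code) compares an ELFF `#Fields:` directive with both lists and splits a data line into named fields. The sample header and log line are constructed, and because this article does not say whether LMI is sensitive to field order, the check reports an exact-order match separately from missing and unexpected field names.

```python
import re

# Field lists copied verbatim from the two formats in this article.
FORMATS = {
    "standard": (
        "date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method "
        "cs-uri-scheme cs-host cs-uri-stem cs-username s-hierarchy s-supplier-name "
        "rs(Content-Type) cs(User-Agent) sc-filter-result sc-filter-category "
        "x-virus-id s-ip s-sitename").split(),
    "extended": (
        "bytes c-dns c-ip cached cs(Content-Type) cs(Referer) cs(User-Agent) "
        "cs(X-Forwarded-For) cs-auth-group cs-auth-groups cs-method cs-types cs-uri "
        "cs-uri-query cs-uri-stem current-time date r-dns r-ip r-port "
        "rs(Content-Type) s-dns s-ip s-port sc-bytes sc-status time time-taken "
        "x-action x-connect-time x-hiercode x-play-time x-product x-protocol "
        "x-sc-contentlength x-smartfilter-categories x-smartfilter-result x-status "
        "x-timestamp x-transaction x-username x-virus-details x-virus-id").split(),
}

def check_header(header):
    """Compare an ELFF '#Fields:' directive with both documented lists."""
    if not header.startswith("#Fields:"):
        raise ValueError("not a #Fields: directive")
    fields = header[len("#Fields:"):].split()
    # Pick the documented list sharing the most field names with the header.
    name = max(FORMATS, key=lambda n: len(set(fields) & set(FORMATS[n])))
    expected = FORMATS[name]
    return {
        "fields": fields, "closest": name, "exact": fields == expected,
        "missing": [f for f in expected if f not in fields],
        "unexpected": [f for f in fields if f not in expected],
    }

def parse_line(fields, line):
    """Split one data line into a dict; quoted values may contain spaces."""
    values = [m.strip('"') for m in re.findall(r'"[^"]*"|\S+', line)]
    if len(values) != len(fields):
        raise ValueError(f"expected {len(fields)} values, got {len(values)}")
    return dict(zip(fields, values))

# Constructed sample input (not taken from a real proxy).
SAMPLE_HEADER = "#Fields: " + " ".join(FORMATS["standard"])
SAMPLE_LINE = ('2024-01-15 10:22:31 45 192.0.2.10 200 TCP_HIT 5120 312 GET http '
               'www.example.com /index.html - DIRECT www.example.com text/html '
               '"Mozilla/5.0 (X11; Linux x86_64)" OBSERVED "Computers/Internet" '
               '- 192.0.2.1 SG-HTTP-Service')

if __name__ == "__main__":
    print(parse_line(check_header(SAMPLE_HEADER)["fields"], SAMPLE_LINE))
```

A header that yields a non-empty `missing` or `unexpected` list, or a data line whose value count differs from the header, is worth fixing on the proxy side before relying on the parsed fields in LMI searches and alerts.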

Issue/Introduction

This article explains the event formats used by Blue Coat log sources that are supported by LogLogic LMI.