kltam
Staff
December 2, 2021

Technical Tips: How to configure Epilog Client in FortiSIEM to integrate with BlueCoat WebProxy

Description

This article describes the additional steps required on the FortiSIEM Supervisor/Collector in order to integrate properly with the BlueCoat web proxy.


Refer to the document below for the basic configuration required:

https://docs.fortinet.com/document/fortisiem/5.4.0/external-systems-configuration-guide/662685/blue-coat-web-proxy

Scope

FortiSIEM 5.4 and below

Solution

1) Log in to the Supervisor or the Collector node as root.

2) Set 'incoming_log_cfg=/opt/phoenix/cache/bluecoat' in 'phoenix_config.txt'.

> vi /opt/phoenix/config/phoenix_config.txt
incoming_log_cfg=/opt/phoenix/cache/bluecoat

3) Comment out or remove the 'Output' settings in 'epilog.conf'.

> vi /etc/snare/epilog/epilog.conf
Output
# network=localhost:514 <----- Comment this.
# syslog=2 <----- Comment this.

4) Restart epilog and phParser, then wait a few minutes.

> /etc/init.d/epilogd restart
> killall -9 phParser

5) Change the ownership or permissions of the '<bluecoat IP>' folder under '/opt/phoenix/cache/bluecoat' so that the log files in it can be processed and deleted.

> cd /opt/phoenix/cache/bluecoat
> chown admin.admin x.x.x.x/
> chmod 777 x.x.x.x/

where 'x.x.x.x' is the BlueCoat's IP address.
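Steps 2 to 5 above, collected into one script. This is an added example and not code from the article or from Fortinet: the file paths, the 'admin' owner and the 777 mode are the values the article gives, while the function and variable names (set_incoming_log_cfg, comment_epilog_output, fix_cache_dir_perms and so on) are this example's own. Every function takes its target file or directory as an argument, so it can be exercised on scratch copies before being run as root on the node with 'apply <bluecoat-ip>'.

```shell
#!/bin/sh
# Added example (not from the original article): steps 2 to 5 as idempotent
# shell functions. Paths and the admin owner / 777 mode are the article's own
# values; function names are this example's. Run on the node as root:
#   ./bluecoat-epilog.sh apply <bluecoat-ip>
set -eu

PHOENIX_CFG=/opt/phoenix/config/phoenix_config.txt
EPILOG_CFG=/etc/snare/epilog/epilog.conf
CACHE_ROOT=/opt/phoenix/cache/bluecoat

# Step 2: point incoming_log_cfg at the BlueCoat cache directory. An existing
# line (active or commented out) is rewritten in place; otherwise the key is
# appended. The file is written back through a scratch copy with cat so the
# original's owner and mode survive. Prints the resulting line(s).
set_incoming_log_cfg() {
    cfg=$1; logdir=$2
    scratch=$(mktemp)
    if grep -q '^[[:space:]]*#\{0,1\}[[:space:]]*incoming_log_cfg[[:space:]]*=' "$cfg"; then
        sed "s|^[[:space:]]*#\{0,1\}[[:space:]]*incoming_log_cfg[[:space:]]*=.*|incoming_log_cfg=$logdir|" "$cfg" > "$scratch"
    else
        cat "$cfg" > "$scratch"
        printf 'incoming_log_cfg=%s\n' "$logdir" >> "$scratch"
    fi
    cat "$scratch" > "$cfg"; rm -f "$scratch"
    grep '^incoming_log_cfg=' "$cfg"
}

# Step 3: comment out the active network= and syslog= lines of the Output
# section (assumption: no other section of epilog.conf uses those key names).
# Lines that are already commented are left alone, so re-running is harmless.
# Returns non-zero if an active line survives.
comment_epilog_output() {
    cfg=$1
    scratch=$(mktemp)
    sed -e 's/^[[:space:]]*\(network=.*\)$/# \1/' \
        -e 's/^[[:space:]]*\(syslog=.*\)$/# \1/' "$cfg" > "$scratch"
    cat "$scratch" > "$cfg"; rm -f "$scratch"
    ! grep -q '^[[:space:]]*network=' "$cfg" && ! grep -q '^[[:space:]]*syslog=' "$cfg"
}

# Step 4: restart Epilog and kill phParser; the article then waits a few
# minutes before checking the cache directory.
restart_daemons() {
    /etc/init.d/epilogd restart
    killall -9 phParser
}

# Step 5: hand the per-proxy directory to the processing account. The IP is
# used as a directory name and passed to chown/chmod, so anything that is not
# a dotted quad is refused instead of being interpolated into a path. A
# missing directory usually means the proxy has not sent any logs yet.
fix_cache_dir_perms() {
    root=$1; ip=$2; mode=${3:-777}; owner=${4:-admin:admin}
    case $ip in
        *[!0-9.]*|''|.*|*.|*..*) echo "refusing non-IP value: $ip" >&2; return 2 ;;
        *.*.*.*) ;;
        *) echo "refusing non-IP value: $ip" >&2; return 2 ;;
    esac
    proxydir=$root/$ip
    if [ ! -d "$proxydir" ]; then
        echo "$proxydir does not exist yet; has the proxy sent logs?" >&2
        return 1
    fi
    chown "$owner" "$proxydir"
    chmod "$mode" "$proxydir"
}

# Only act when explicitly asked, so the file can also be sourced for its
# functions and tried against copies of the config files.
if [ "${1:-}" = apply ]; then
    bluecoat_ip=${2:?usage: $0 apply <bluecoat-ip>}
    set_incoming_log_cfg "$PHOENIX_CFG" "$CACHE_ROOT"
    comment_epilog_output "$EPILOG_CFG"
    restart_daemons
    fix_cache_dir_perms "$CACHE_ROOT" "$bluecoat_ip"
fi
```

The mode and owner of step 5 are exposed as the third and fourth arguments of fix_cache_dir_perms: the defaults reproduce the article's chown admin.admin and chmod 777, which leaves the directory world-writable, so once you have confirmed that the files are processed and deleted with the directory owned by admin you can re-run the function with a tighter mode such as 770 and check that processing still works.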

premchanderr
Staff & Editor
June 7, 2022

Hi,

Do note that Epilog Snare was earlier a free product and now it has to be purchased.

So by default you wouldn't be finding it on recent Linux distributions.

Regards,

Prem Chander R