Creating Extra Custom Format Key-value Pairs
Use the Extended Log File Format (ELFF) custom format to forward specific Blue Coat data or events to JSA.
The custom format is a series of pipe-delimited fields that
start with the Bluecoat| field and contains
the $(Blue Coat ELFF) parameter.
For example:
Bluecoat|src=$(c-ip)|srcport=$(c-port)|dst=$(cs-uri-address)|dstport=$(cs-uriport)| username=$(cs-username)|devicetime=$(gmttime)|s-action=$(s-action)|sc-status=$(scstatus)| cs-method=$(cs-method)
Blue Coat ELFF Parameter |
JSA Custom Format Example |
|---|---|
sc-bytes |
$(sc-bytes) |
rs(Content-type) |
$(rs(Content-Type)) |
For more information about available Blue Coat ELFF parameters, see your Blue Coat appliance documentation.