BlueCoat Quick Reference

BCAAA: BCAAA (Blue Coat Authentication and Authorization Agent) is software installed on a domain server (not necessarily a domain controller; a member server is enough) that acts as an intermediary between the ProxySG and the domain. Without the BCAAA, it is not possible to do IWA / NTLM authentication or to use Windows/Novell SSO.

SYSInfo: https://x.x.x.x:8082/SYSInfo diagnostic file listing stats from most SW and HW systems. Remember stats in this file are reset after reboot.

Snapshot: A copy of a SYSInfo, taken either once per day or during a specified interval. https://x.x.x.x:8082/Diagnostics/Snapshot/sysinfo/download/all

Click on the Maintenance tab > Service Information > Snapshots

Interval Snapshots: Click on the Maintenance tab > Service Information > Snapshots > Create New > Fill out desired fields. 

CLI:

    ProxySG#(config diagnostics) snapshot edit sysinfo_stats_5min
    ProxySG#(config snapshot sysinfo_stats_5min) target /sysinfo-stats
      ok
    ProxySG#(config snapshot sysinfo_stats_5min) interval 5
      ok
    ProxySG#(config snapshot sysinfo_stats_5min) keep 100
      ok
    ProxySG#(config snapshot sysinfo_stats_5min) enable
      ok

Note: You may also configure monitors for various snapshot elements like CPU at the config diagnostics snapshot level.

Event Log: https://x.x.x.x:8082/Eventlog/Download/events.log is a copy of the system log information.

PCAP: https://x.x.x.x:8082/PCAP/bluecoat.cap to start a packet capture

Core Image: http://x.x.x.x:8081/CM/Core_image

Access Logs: https://x.x.x.x:8082/Accesslog/directory  Access logs can be displayed from the command line by using the open source WGET utility for Windows or Linux.
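The SYSInfo, Snapshot and Access Logs entries above can be fetched in one pass with wget before a reboot resets the SYSInfo stats. This is an added example, not part of the original reference: the function names and the SG_CA variable are hypothetical, and it assumes the management console accepts HTTP basic authentication.

```shell
#!/usr/bin/env bash
# Added example: collect ProxySG diagnostics into a hashed, timestamped folder.
# Hypothetical names: sg_urls, sg_manifest, sg_collect, SG_CA (path to the CA
# certificate that signed the appliance's console certificate).
# The URL paths are the ones listed on this page.

# Print the diagnostic URLs for one appliance, one per line.
sg_urls() {
    local host="$1"
    case "$host" in
        ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;;
    esac
    printf 'https://%s:8082/%s\n' \
        "$host" "SYSInfo" \
        "$host" "Diagnostics/Snapshot/sysinfo/download/all" \
        "$host" "Accesslog/directory"
}

# Write a SHA-256 manifest of the files in a fresh collection directory,
# so later analysis can show the evidence was not altered.
sg_manifest() {
    local dir="$1" sums
    sums=$(cd "$dir" && sha256sum -- *) || return 1
    printf '%s\n' "$sums" > "$dir/MANIFEST.sha256"
}

# Download everything for one appliance and hash it.
sg_collect() {
    local host="$1" user="$2" out urls
    urls=$(sg_urls "$host") || return 1
    out="proxysg-${host}-$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$out" || return 1
    # One wget call means one password prompt, and the password never shows
    # up in the process list. TLS is verified against SG_CA, not disabled.
    printf '%s\n' "$urls" | wget --no-verbose --user="$user" --ask-password \
        --ca-certificate="${SG_CA:?set SG_CA to the appliance CA certificate}" \
        --directory-prefix="$out" --input-file=- || return 1
    sg_manifest "$out" && echo "$out"
}

# Usage: ./collect.sh collect <appliance-host> <console-user>
if [ "${1:-}" = "collect" ]; then
    sg_collect "$2" "$3"
fi
```

wget names each file after the last path component, so the folder holds `SYSInfo`, `all` and `directory` plus `MANIFEST.sha256`.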

PAC File: Default PAC file: http://x.x.x.x:8080/proxy_pac_file | Accelerated-pac file: http://x.x.x.x:8080/accelerated_pac_base.pac. You may install one via the CLI at config level: #(config)inline accelerated-pac eof123, then paste the PAC contents.

Policy Types & Sequence: Virtual Policy Manager (VPM) -> Local file -> Central file -> Forward file

Change Policy Sequence: Configuration Tab > Policy > Policy Options > Policy Options > (Move up / Move down)

VPM Eval Sequence: 1. Admin Authentication 2. Admin Access 3. DNS Access 4. SOCKS Authentication 5. SSL Intercept 6. SSL Access 7. Web Authentication 8. Web Access 9. Web Content 10. Forwarding

Core Types:

* Contexts: A context file contains information about a crash or a restart (even restarts initiated by an administrator). They contain information about processes that were running at the time the restart was initiated, some memory information, and in the case of a crash, information about the process that triggered the crash as well as CPU stack information. Used for root cause analysis.

* Memory Core: When a crash requires a deeper analysis by an escalation engineer, the memory core file will likely be necessary. It is a memory dump that was written before the unit crashed (in most cases). If the unit lost power, neither a context nor a memory core will be generated. A memory core file requires the Context file with the same time stamp to hold any value. The memory core alone cannot be used without its context, but a context can be used without a memory core. You can set the option to write the file by going to Maintenance / Core images.

* Full Core: The more recent units will produce a “Full” file when a crash occurs. This file is basically a context and a memory core all in one; this makes it simpler to upload the information over to support. Just like with memory core files, by default, the ProxySG will only generate a context file when rebooting. You can set the option to write the file by going to Maintenance / Core images.
