BCAAA: BCAAA (Blue Coat Authentication and Authorization Agent) is software installed on a domain server (not necessarily a domain controller; a member server is enough) that acts as an intermediary between the ProxySG and the domain. Without BCAAA, it is not possible to do IWA/NTLM authentication or to use Windows/Novell SSO.
SYSInfo: https://x.x.x.x:8082/SYSInfo is a diagnostic file listing stats from most SW and HW systems. Remember that the stats in this file are reset after a reboot.
Snapshot: A copy of a SYSInfo taken either once per day or at a specified interval. https://x.x.x.x:8082/Diagnostics/Snapshot/sysinfo/download/all
Click on the Maintenance tab > Service Information > Snapshots
Interval Snapshots: Click on the Maintenance tab > Service Information > Snapshots > Create New > Fill out desired fields.
CLI:
ProxySG#(config diagnostics)snapshot edit sysinfo_stats_5min
ProxySG#(config snapshot sysinfo_stats_5min)target /sysinfo-stats
ok
ProxySG#(config snapshot sysinfo_stats_5min)interval 5
ok
ProxySG#(config snapshot sysinfo_stats_5min)keep 100
ok
ProxySG#(config snapshot sysinfo_stats_5min)enable
ok
Note: You may also configure monitors for various snapshot elements, such as CPU, at the config diagnostics snapshot level.
Event Log: https://x.x.x.x:8082/Eventlog/Downlaod/events.log a copy of the system log information
PCAP: https://x.x.x.x:8082/PCAP/bluecoat.cap to start a packet capture
Core Image: http://x.x.x.x:8081/CM/Core_image
Access Logs: https://x.x.x.x:8082/Accesslog/directory Access logs can be displayed from the command line by using the open source WGET utility for Windows or Linux.
PAC File: Default PAC file: http://x.x.x.x:8080/proxy_pac_file | Accelerated-pac file: http://x.x.x.x:8080/accelerated_pac_base.pac. You may install the accelerated PAC file via the CLI at the config level: #(config)inline accelerated-pac eof123, then paste the PAC contents.
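A small PAC file of the kind that could be pasted as the PAC contents, as an added example that is not from the original page. The proxy listener x.x.x.x:8080 and the internal suffix .corp.example are assumptions; it uses only plain JavaScript string operations, so the routing decisions can be checked outside a browser.

```javascript
// Added example, not from the original page.
// Assumptions: the explicit proxy listens on x.x.x.x:8080 and ".corp.example"
// is a placeholder internal DNS suffix. Replace both before use.
var PROXY = "PROXY x.x.x.x:8080";  // no "; DIRECT" fallback, so clients fail closed
var INTERNAL_SUFFIXES = [".corp.example"];

function isLoopback(host) {
  return host === "localhost" || host === "::1" ||
         /^127\.\d+\.\d+\.\d+$/.test(host);
}

function isInternalName(host) {
  // An IPv6 literal has no dot either; it must not pass as a single-label name.
  if (host.indexOf(":") !== -1) return false;
  // Single-label names (no dot) only resolve through internal DNS.
  if (host.indexOf(".") === -1) return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    // Match "corp.example" itself or a true subdomain, never "evilcorp.example".
    if (host === s.slice(1) || host.slice(-s.length) === s) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  // Normalise case and strip a trailing dot before comparing.
  host = host.toLowerCase().replace(/\.$/, "");
  if (isLoopback(host) || isInternalName(host)) return "DIRECT";
  return PROXY;
}
```

Because the return value has no DIRECT fallback, a client that cannot reach the proxy gets an error instead of silently bypassing policy and logging.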
Policy Types & Sequence: Virtual Policy Manager (VPM) -> Local file -> Central file -> Forward file
Change Policy Sequence: Configuration Tab > Policy > Policy Options > Policy Options > (Move up / Move down)
VPM Eval Sequence: 1. Admin Authentication 2. Admin Access 3. DNS Access 4. SOCKS Authentication 5. SSL Intercept 6. SSL Access 7. Web Authentication 8. Web Access 9. Web Content 10. Forwarding
Core Types:
* Contexts: A context file contains information about a crash or a restart (even restarts initiated by an administrator). They contain information about processes that were running at the time the restart was initiated, some memory information, and in the case of a crash, information about the process that triggered the crash as well as CPU stack information. Used for root cause analysis.
* Memory Core: When a crash requires a deeper analysis by an escalation engineer, the memory core file will likely be necessary. It is a memory dump that was written before the unit crashed (in most cases). If the unit lost power, neither a context nor a memory core will be generated. A memory core file requires the Context file with the same time stamp to hold any value. The memory core alone cannot be used without its context, but a context can be used without a memory core. You can set the option to write the file by going to Maintenance / Core images.
* Full Core: The more recent units will produce a “Full” file when a crash occurs. This file is basically a context and a memory core all in one; this makes it simpler to upload the information over to support. Just like with memory core files, by default, the ProxySG will only generate a context file when rebooting. You can set the option to write the file by going to Maintenance / Core images.