Dear All,

I saw your thread here, and I face the similar problem.
I tried to upload the logs using the similar format which I put under
the Bluecoat

first test is to use the " date time s-ip sc-status s-action sc-bytes
cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path
cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name
rs(Content-Type) cs(Referer) cs(User-Agent) sc-filter-result
cs-categories x-virus-id c-ip time-taken " from documents, and the logs
in sentinel always shown as Data Format does not match..

second test is to use the main ELFF directly and put the custom log as
empty, while the ELFF format as main in sentinel and the same occured.

Are there any mistake that I do?

I am using the Blue-Coat_ProxySG-Appliances_6.1r1 collector
I used the BlueCoat ver 5.1.x (which I did not see it within the
applicable versions of BlueCoat).

Johanes Glenn

MSagi;201397 Wrote:
> Thanxs for your answer, but I solved my problem.
> I found an error in the official documentation: it said, in the log
> file, initial three fields must be "date" "time" and "s-ip", but, after
> many tests, I found "s-action" instead of "s-ip" is mandatory and,
> also,
> isn't important the position in log file.
> Now everything works.
> Once again, thanx for your answer
> --
> MSagi
> ------------------------------------------------------------------------
> MSagi's Profile:
> View this thread:

johanesglenn's Profile:
View this thread: