The ProxySG records configuration changes in the Event Log (https://<ProxyIP>:8082/Eventlog/fetch=0xfffffff). These entries appear in the log in the following format:
"Config admin at 10.10.10.10 'admin', enabled early intercept for service 'Internal HTTP'" 0 140002:7D svc_config_logger.cpp:60
"Config admin at 10.10.10.10 'admin', enabled detect protocol for service 'Internal HTTP'" 0 140002:7D svc_config_logger.cpp:60
"Administrator action, user 'admin', from 10.10.10.10', Viewed event log" 0 60003:7D cag_agent.cpp:1467
"Config admin at 10.10.10.10 'admin', changed health check 'auth.test' from Enabled to: Disabled: Healthy" 0 140002:7D cli_parse.hpp:268
The specifics of each policy change are not logged; however, every policy install action is logged, along with the time and the administrator who performed it:
"Config admin at 10.10.10.10 'admin', installed new VPM Policy File and VPM XML File (with 1 warnings)." 0 140002:7D cli_parse.hpp
For accurate activity tracking, Blue Coat recommends that each administrator (or set of administrators) has a unique login. See this topic for steps to configure administrator accounts to use an IWA authentication realm.
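The following Python sketch is an added example, not Blue Coat code. It parses entries in the shape shown above (assumed: one entry per line, with no timestamp prefix) and groups configuration changes by administrator and source IP, which is the per-user view that unique logins make meaningful. The function names are illustrative.

```python
import re
from collections import defaultdict

# Entry shape as shown in this article: "message" <n> <event id> <source file>[:line]
# Assumption: one entry per line, nothing before the opening quote.
ENTRY = re.compile(r'^"(?P<msg>.*)"\s+\d+\s+(?P<event>[0-9A-Fa-f]+:[0-9A-Fa-f]+)\s+(?P<src>\S+)\s*$')
# Configuration change: Config admin at <ip> '<user>', <action>
CONFIG = re.compile(r"^Config admin at (?P<ip>\S+) '(?P<user>[^']*)', (?P<action>.+)$")
# Other administrator action; the stray quote after the IP is tolerated as logged
ADMIN = re.compile(r"^Administrator action, user '(?P<user>[^']*)', from (?P<ip>[^',\s]+)'?, (?P<action>.+)$")

# Sample entries copied from this article
SAMPLE = '''\
"Config admin at 10.10.10.10 'admin', enabled early intercept for service 'Internal HTTP'" 0 140002:7D svc_config_logger.cpp:60
"Config admin at 10.10.10.10 'admin', enabled detect protocol for service 'Internal HTTP'" 0 140002:7D svc_config_logger.cpp:60
"Administrator action, user 'admin', from 10.10.10.10', Viewed event log" 0 60003:7D cag_agent.cpp:1467
"Config admin at 10.10.10.10 'admin', changed health check 'auth.test' from Enabled to: Disabled: Healthy" 0 140002:7D cli_parse.hpp:268
"Config admin at 10.10.10.10 'admin', installed new VPM Policy File and VPM XML File (with 1 warnings)." 0 140002:7D cli_parse.hpp
'''.splitlines()

def parse_entry(line):
    """Return a dict for a config or administrator entry, or None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    for kind, rx in (("config", CONFIG), ("admin_action", ADMIN)):
        hit = rx.match(m.group("msg"))
        if hit:
            action = hit.group("action")
            return {"kind": kind, "user": hit.group("user"), "ip": hit.group("ip"),
                    "action": action, "event": m.group("event"), "source": m.group("src"),
                    "policy_install": kind == "config" and action.startswith("installed new VPM Policy")}
    return None

def changes_by_admin(lines):
    """Group configuration changes by (user, source IP); view-only actions are skipped."""
    grouped = defaultdict(list)
    for line in lines:
        e = parse_entry(line)
        if e and e["kind"] == "config":
            grouped[(e["user"], e["ip"])].append(e["action"])
    return dict(grouped)

if __name__ == "__main__":
    for (user, ip), actions in changes_by_admin(SAMPLE).items():
        print(f"{user} from {ip}: {len(actions)} configuration change(s)")
        for a in actions:
            print("  -", a)
```

With a shared 'admin' login, every change lands under the same key, so the grouping cannot distinguish one administrator from another.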
Imported Document ID: 000024139