Unable to Capture Bluecoat Proxy Logs Properly in RSA Security Analytics 10.5+
Issue
The following "Unidentified content" warnings, containing what looks like gibberish, appear in /var/log/messages on the Log Decoder appliance when BlueCoat ProxySG SGOS sends SYSLOG events to it:
May 25 04:25:48 NwLogDecoder[7733]: [SYSLOG] [warning] Unidentified content from xxx.xxx.xxx.xxx received on receiver:
'X??!Q??,???4T???%D?^?rO?_?????%??=jU?D??/????X_?h_?a???71???(??]'????????1??Y"???{d?b$P?3??????/h{0C'
Cause
This happens when BlueCoat ProxySG SGOS is configured to send its SYSLOG events in GZIP (compressed) format: the Log Decoder expects plain text, so the compressed bytes are reported as unidentified content and are not parsed.
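To confirm this cause from a packet capture before involving the Blue Coat admin, the following added example (not part of the original article) checks a received payload for the gzip magic bytes and, if present, decompresses it to show the access log line the proxy actually sent. The sample log line and the helper names are constructed for illustration.

```python
import gzip
import zlib

# RFC 1952: every gzip member starts with the two magic bytes 0x1f 0x8b.
GZIP_MAGIC = b"\x1f\x8b"

# Constructed Blue Coat-style access log line (not from a real appliance).
SAMPLE_LINE = ("2016-05-25 04:25:48 120 10.0.0.5 200 TCP_HIT 1234 456 GET http "
               "www.example.com 80 / - user1 - DIRECT www.example.com text/html\n")
# What the proxy sends when "Save the log file as:" is set to gzip.
SAMPLE_GZIP = gzip.compress(SAMPLE_LINE.encode("utf-8"))


def is_gzip(payload: bytes) -> bool:
    """True if the raw bytes start with the gzip magic number."""
    return payload[:2] == GZIP_MAGIC


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def triage_payload(payload: bytes) -> dict:
    """Classify one received syslog payload as 'text', 'gzip' or 'binary'.

    For gzip payloads the decompressed text is returned so the analyst can
    see that the content is a normal log line, i.e. the decoder warning is a
    format mismatch rather than a corrupted feed.
    """
    if is_gzip(payload):
        try:
            text = gzip.decompress(payload).decode("utf-8", errors="replace")
            return {"kind": "gzip", "text": text}
        except (OSError, zlib.error, EOFError):
            # Magic bytes present but stream truncated or corrupt.
            return {"kind": "binary", "text": None}
    if printable_ratio(payload) > 0.9:
        return {"kind": "text", "text": payload.decode("utf-8", errors="replace")}
    return {"kind": "binary", "text": None}


if __name__ == "__main__":
    for raw in (SAMPLE_LINE.encode("utf-8"), SAMPLE_GZIP):
        result = triage_payload(raw)
        print(result["kind"], "->", (result["text"] or "").strip()[:60])
```

A result of "gzip" with a readable log line is the signature of the misconfiguration described in this article.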
Resolution
Speak with the BlueCoat admin and ask them to log in to the Blue Coat admin page and change the "Save the log file as:" parameter to "text file" under "Upload Client" > "Transmission Parameters", as indicated below:
Notes
This has already been reported to the DOC team, and the Integration Guide for Blue Coat ProxySG SGOS is in the process of being amended.
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Log Decoder
RSA Version/Condition: 10.5+