How to configure McAfee Email Gateway 7.x with Content Security Reporter 2.x
McAfee Email Gateway 7.x
McAfee Content Security Reporter 2.x
ePolicy Orchestrator 5.x
How to configure McAfee Email Gateway to send events to Content Security Reporter?
Open ePolicy Orchestrator
Click Menu, Configuration, Report Server settings
Select Log Sources
Click the Actions Menu in the right Pane at the bottom left
Configure a Name under Log Type
For example we used: MEG5000
For Mode Select Syslog
For Log Format Select McAfee Email Gateway
Enter the Client Address(es) for Accept Log Files from the Network Device
Select TCP for the Protocol
Note! Server port will change from 514 to 610 after selecting TCP
Open the McAfee Email Gateway Console
Browse to System, Logging, Alerting, and SNMP, System Log Settings
Tick the check box for Enable System Log Events
For Logging Format chose Content Security Reporter
Select the events to be sent to CSR
Expand Off-box system log
Tick the check box for Enable off-box system log
Click Add Server
Enter the IP address of the CSR Server
Change the port from 514 to 610
Note! This is what CSR uses for TCP connections for Syslog. MEG only uses TCP when communicating with CSR.
Apply the Changes
Once everything is configured the CSR Reports in ePO will allow for easy reporting on various detections.
Open the ePolicy Orchestrator Console
Browse to Dashboards
Click the Drop Down and Select CSR Email Activity
Click the PIE Chart to drill in to see events.