How to configure McAfee Email Gateway 7.x with Content Security Reporter 2.x

 

From https://kb.mcafee.com/agent/index?page=content&id=KB83242

 

Title

How to configure McAfee Email Gateway 7.x with Content Security Reporter 2.x

 

 

Environment

McAfee Email Gateway 7.x

McAfee Content Security Reporter 2.x

ePolicy Orchestrator 5.x

 

Summary

How to configure McAfee Email Gateway to send events to Content Security Reporter?

 

Open ePolicy Orchestrator

Click Menu, Configuration, Report Server settings

Select Log Sources

Click the Actions Menu in the right Pane at the bottom left

Select New

Configure a Name under Log Type

For example we used: MEG5000

For Mode Select Syslog

For Log Format Select McAfee Email Gateway

Enter the Client Address(es) for Accept Log Files from the Network Device

Select TCP for the Protocol

Note! Server port will change from 514 to 610 after selecting TCP

Click OK

 

Open the McAfee Email Gateway Console

Browse to System, Logging, Alerting, and SNMP, System Log Settings

Tick the check box for Enable System Log Events

For Logging Format chose Content Security Reporter

Select the events to be sent to CSR

Expand Off-box system log

Tick the check box for Enable off-box system log

Click Add Server

Enter the IP address of the CSR Server

Change the port from 514 to 610

Note! This is what CSR uses for TCP connections for Syslog.  MEG only uses TCP when communicating with CSR.

Apply the Changes

 

Once everything is configured the CSR Reports in ePO will allow for easy reporting on various detections.

Open the ePolicy Orchestrator Console

Browse to Dashboards

Click the Drop Down and Select CSR Email Activity

Click the PIE Chart to drill in to see events.

 

Screen Shots:

Capture1.JPG

Capture2.JPG

Capture3.JPG

Capture4.JPG

Capture5.JPG

 

Capture6.JPG