cancel
Showing results for 
Search instead for 
Did you mean: 
lichnt
Level 7
Report Inappropriate Content
Message 1 of 11

Add McAfee Email Gateway as data soure

I tried add McAfee Email Gateway as data soure but not success:

- at ENMELM , i add data source :

2013-06-13_150719.png

- At McAfee Email Gateway , i config :

2013-06-13_150942.png

Can i help me ?

Thanks

10 Replies
proxima
Level 10
Report Inappropriate Content
Message 2 of 11

Re: Add McAfee Email Gateway as data soure

Hi,

Did you tray to use tcpdump on the receiver?

ssh on ERC -> for example:  tcpdump -i eth0 host 192.168.0.1

If the data are receiving by ERC than try to use add MEG via autolearn

autolearn.jpg

Regards,

MK

lichnt
Level 7
Report Inappropriate Content
Message 3 of 11

Re: Add McAfee Email Gateway as data soure

I tried do it as you talk but not recive .

I see at via ssh : tcpdump is not see data at email gateway send to ERC ,


Message was edited by: lichnt on 6/13/13 9:31:55 PM CDT
proxima
Level 10
Report Inappropriate Content
Message 4 of 11

Re: Add McAfee Email Gateway as data soure

HI,

I suspect that you have properly set MEG settings - so you must check connection between MEG and ESM through specified port.

Regards,

MK

lichnt
Level 7
Report Inappropriate Content
Message 5 of 11

Re: Add McAfee Email Gateway as data soure

i check port , i use recieve log other , this device recive log of Email Gateway but with ESM it not still work

artek
Level 11
Report Inappropriate Content
Message 6 of 11

Re: Add McAfee Email Gateway as data soure

Hi,

are you sure, that you Receiver has "OK" status (you can check it in properties of the Receiver)

Regards,

Artur

althena
Level 9
Report Inappropriate Content
Message 7 of 11

Re: Add McAfee Email Gateway as data soure

I solved this problem on my site this week!

Email Gateway just didn't send anything when configured with TCP.

Try UDP instead.

It solved it for us.

lichnt
Level 7
Report Inappropriate Content
Message 8 of 11

Re: Add McAfee Email Gateway as data soure

I tried use UDP port

2013-06-25_092132.png

, at ssh tcpdump i see :

2013-06-25_092101.png

but not recieve at ELM

althena
Level 9
Report Inappropriate Content
Message 9 of 11

Re: Add McAfee Email Gateway as data soure

Did you write the settings on the receiver?

What is the problem you are having exactly? You aren't seeing the logs in an ESM view? Did you write the settings to the receiver?

Or they aren't being sent to the ELM?

Also, all your packets show a length of 0. Do you actually have email gateway traffic? Use the TCPDUMP switch -n and -A and see if any logs come through.

esvom
Level 7
Report Inappropriate Content
Message 10 of 11

Re: Add McAfee Email Gateway as data soure

Mcafee MEG use syslog (UDP port 514)

Try configuring the McAfee MEG like the picture below:

datasource.png

Also, the Mask should be 32 because is just a device.

Regards.