I need to set up the data source for Microsoft TMG, but the connection cannot be made via SQL, as TMG is configured with the W3C format as the default log.
When setting up the SIEM, no logs come in, and I do not know whether to configure CIFS, FTP or some other format in Data Retrieval.
How does McAfee collect information in a shared folder on a device?
Do I need to enable any feature in the data source?
Message was edited by: arfelix on 19/02/14 11:27:53 AM VET
Can you configure logging on TMG?
First, configure logging on TMG as described at this link: http://tmgblog.richardhicks.com/2010/04/04/configuring-syslog-on-isa-and-tmg-with-splunk-log-managem...
Then share the log folder you configured in the first step.
In McAfee SIEM, configure CIFS as:
I can't use Splunk Log Management.
I have created and configured the shared folder as CIFS, and have not received logs in ESM.
I configured the data source TMG, IIS, but I cannot receive logs from that device (TMG), in the folder where the log is stored.
My question: how can I collect logs in W3C format or another format into McAfee SIEM?
Thanks for your help!
I see your data source configuration is not correct: you want to get logs from TMG, but you chose IIS. You must choose, at vendor, "Internet Security and Acceleration (ASP)".
In addition, on TMG, configure the following:
To configure TMG for text file logging, open the management console and highlight Logs & Reports in the console tree, then select the Logging tab.
To configure ISA for text file logging, open the management console and highlight Monitoring in the console tree, then select the Logging tab.
For both ISA and TMG, click Configure Firewall Logging or Configure Web Proxy Logging in the Tasks pane.
Select the File option and choose W3C Extended Log File Format. Do the same for Web Proxy Logging.
In the Log File or Directory field, enter the location of the firewall logs. For TMG, the default log folder is C:\Program Files\Microsoft Forefront Threat Management Gateway\Logs. For ISA, the default log folder is C:\Program Files\Microsoft ISA Server\ISALogs. In the Log Name Format: field, enter *FWS*.w3c. Click Change Configuration when finished.
Then share the log folder and enter the data source in ESM.
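
One way to confirm that the shared log folder really holds parsable W3C files matching the *FWS*.w3c name format before troubleshooting the ESM side, as an added example that is not part of the original thread and not McAfee or Microsoft tooling. It assumes tab-separated values under a `#Fields:` directive; the function names, sample content and field names are constructed for illustration.

```python
import fnmatch
import os

# Constructed sample: '#' directive lines, then tab-separated rows (assumed layout).
# Field names and values are illustrative, not real TMG output.
SAMPLE = (
    "#Software: Example Firewall\n"
    "#Fields: date\ttime\tsrc-ip\tdst-ip\taction\n"
    "2014-02-19\t11:00:01\t10.0.0.5\t192.0.2.10\tAllowed\n"
    "2014-02-19\t11:00:02\t10.0.0.6\t192.0.2.11\tDenied\n"
    "2014-02-19\t11:00:03\t10.0.0.7\n"  # truncated row, e.g. a partially written line
)

def matches_pattern(filename, pattern="*FWS*.w3c"):
    # Windows file names are case-insensitive, so compare in lower case.
    return fnmatch.fnmatchcase(filename.lower(), pattern.lower())

def parse_w3c(text):
    """Return (field names, parsed records, count of rows that could not be mapped)."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            name, _, value = line[1:].partition(":")
            if name.strip().lower() == "fields":
                fields = value.strip().split("\t")  # directive may repeat mid-file
            continue
        values = line.split("\t")
        if not fields or len(values) != len(fields):
            skipped += 1  # no header seen yet, or column count mismatch
            continue
        records.append(dict(zip(fields, values)))
    return fields, records, skipped

def check_log_dir(path, pattern="*FWS*.w3c"):
    """Summarise every file in `path` whose name matches the log name format."""
    report = {}
    for name in sorted(os.listdir(path)):
        if not matches_pattern(name, pattern):
            continue
        with open(os.path.join(path, name), encoding="utf-8", errors="replace") as fh:
            fields, records, skipped = parse_w3c(fh.read())
        report[name] = {"fields": len(fields), "records": len(records), "skipped": skipped}
    return report

if __name__ == "__main__":
    print(parse_w3c(SAMPLE))
```

An empty report from `check_log_dir` means no file in the folder matches the name format, so the collector has nothing to pick up; a file with zero fields means it has no `#Fields:` header and is probably not in W3C format.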