agil
Level 7

Configure syslog on MWG 6.9.1

Hi Guys,

I need to send MWG's logs to a syslog server (UDP 514) but I don't know how to do it. Can you help me with this? I opened a case with McAfee Support (3-2375677251) and the engineer told me that MWG 6.9.1 doesn't support syslog.

Thanks,

Alek

3 Replies
asabban
Level 17

Re: Configure syslog on MWG 6.9.1

Hello,

Syslog is very limited on 6.9.1. What information would you like to log via syslog?

Best,

Andre

agil
Level 7

Re: Configure syslog on MWG 6.9.1

Hi Andre,

I need to send the logs to an Event Correlator, so I need to send all levels of information that the MWG can.

Thanks

Regards

Alek

McAfee Employee

Re: Configure syslog on MWG 6.9.1

Hi Alek,

Sending log data over syslog with MWG 6.9 is not easy, and is not recommended.

In MWG 6 it would require that you configure a custom action for every setting in the GUI. So wherever you have a "block", you need to specify a new "block and syslog -- custom" action. Wherever you have an "allow" event, you need to configure an "allow and syslog custom" action. So you will need to look in every spot for every policy in the GUI to do this; it's not easy.

In contrast, MWG 7 would simply require two changes.

1) Create the syslog event in the logging cycle (i.e. what data do you want sent to the syslog server)

2) Tell MWG where to send the data

Hope this helps,

Jon
