I need send MWG's logs to a syslog server (UDP 514) but i don't know how to do it. Can you help me with this?. I opened a case in McAfee Support (3-2375677251) and the engineer told me that the MWG 6.9.1 doesn't support syslog.
Sending log data over syslog with MWG 6.9 is not easy, and is not recommended.
In MWG 6 it would require that you configure a custom action for every setting in the GUI. So wherever you have a "block", you need to specify a new "block and syslog -- custom" action. Wherever you have an "allow" event, you need to configure an "allow and syslog custom" action. So you will need to look in every spot for every policy in the GUI to do this, its not easy.
In contrast MWG 7, would simply require two changes.
1) create the syslog event in the logging cycle (i.e. what data do you want sent to the syslog server)
2) tell mwg where to send the data
Hope this helps,