agil
Level 7

Configure syslog on MWG 7.0.2

Hi Guys,

I need to send MWG's logs to a syslog server but I don't know how to do it. Can you help me with this? I opened a case with McAfee Support and the engineer told me that MWG 7.0.x doesn't support syslog.

Thanks,

Alek

0 Kudos
4 Replies
eelsasser
Level 15

Re: Configure syslog on MWG 7.0.2

Yes, you can syslog. The only exception is that some of the error and audit logs cannot be syslogged because they are not managed by the rule sets. But anything that can be generated by the Log Handler can be syslogged, such as access_denied, or foundVirus, or some other custom criteria.

The Error handler rules have many examples of using the Syslog event.

Basically, the steps are:

Create the logLine string that you want to send.

Use the Syslog() event to send it.

Edit the rsyslog.conf file to specify what server to send it to.

Message was edited by: eelsasser on 8/17/12 9:49:27 AM EDT
0 Kudos
McAfee Employee

Re: Configure syslog on MWG 7.0.2

I second Erik's post.

Here are screenshots for reference:

syslogconfig.png syslogrule.png

Pay close attention to the syntax in the syslog configuration file, EVERY character matters sometimes (i.e. -/var/log/messages vs /var/log/messages).

What was the SR # so I can follow up?

~jon

0 Kudos
blazej
Level 7

Re: Configure syslog on MWG 7.0.2

Is there a way to choose a different facility for "access logs"? For example, "local2".

I guess that using daemon.info cannot guarantee that there will be only access logs. Some other programs may use this facility also. Unless the appliance has no other programs logging to the daemon facility?

0 Kudos
McAfee Employee

Re: Configure syslog on MWG 7.0.2

Web Gateway = Daemon.

So if you ensure that no other item is logged with a severity of Info, you can ensure that it is just the access log data.

Let me know if this helps.

~jon

0 Kudos
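
The rsyslog.conf step discussed in this thread, written out as an added example; it is not taken from any post above or from McAfee's own configuration. It assumes the appliance's file carries the stock `*.info;mail.none;authpriv.none;cron.none` line for `/var/log/messages`, and it uses `192.0.2.10:514` as a placeholder collector address.

```conf
# /etc/rsyslog.conf, legacy selector syntax (constructed example).
# 192.0.2.10 is a placeholder from the documentation address range.

# Local file: keep everything at info and above EXCEPT daemon.info, so the
# lines sent by the Syslog() event are not also written locally.
#   daemon.!=info  excludes exactly severity "info" for the daemon facility.
#   The leading "-" on the path requests buffered (unsynced) writes; without
#   it the file may be synced after every message, depending on rsyslog
#   version and settings.
*.info;daemon.!=info;mail.none;authpriv.none;cron.none    -/var/log/messages

# Remote collector: forward only severity "info" from the daemon facility.
#   daemon.=info   matches info alone.
#   daemon.info    (no "=") would match info AND every higher severity
#                  (notice, warning, err, ...) from any program that logs
#                  to the daemon facility, not just Web Gateway.
#   "@"  sends over UDP, "@@" sends over TCP.
daemon.=info    @192.0.2.10:514
```

Restart rsyslog after editing, and on the collector filter on the program name as well as the facility, since nothing in the selector itself restricts `daemon` to a single sender.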