I need to send MWG's logs to a syslog server but I don't know how to do it. Can you help me with this? I opened a case with McAfee Support and the engineer told me that MWG 7.0.x doesn't support syslog.
Yes, you can syslog. The only exception is some of the error and audit logs cannot be syslogged because they are not managed by the rule sets. But anything that can be generated by the Log Handler can be syslogged, such as access_denied, or foundVirus, or some other custom criteria.
The Error handler rules have many examples of using the Syslog event.
Basically, the steps are:
Create the logLine string that you want to send.
Use the Syslog() event to send it.
Edit the rsyslog.conf file to specify what server to send it to.
Message was edited by: eelsasser on 8/17/12 9:49:27 AM EDT
I second Erik's post.
Here are screenshots for reference:
Pay close attention to the syntax in the syslog configuration file, EVERY character matters sometimes (i.e. -/var/log/messages vs /var/log/messages).
What was the SR # so I can follow up?
Is there a way to choose a different facility for "access logs"? For example "local2".
I guess that using daemon.info cannot guarantee that there will be only access logs. Some other programs may use this facility also. Unless the appliance has no other programs logging to the daemon facility?
Web Gateway = Daemon.
So if you ensure that no other item is logged with a severity of Info, you can ensure that it is just the access log data.
Let me know if this helps.
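An added example, not taken from the posts above or from McAfee documentation: an rsyslog.conf fragment in legacy selector syntax for the third step, showing the daemon.info selector discussed in the thread and the leading "-" mentioned earlier. It assumes a collector at 192.0.2.10 (a placeholder address) and that the Syslog() event logs with facility daemon and severity info, as the thread describes.

```conf
# rsyslog.conf fragment (constructed example; 192.0.2.10 is a placeholder)

# Forward messages that are facility daemon AND exactly severity info.
#   daemon.info   matches info and every higher severity
#                 (notice, warning, err, crit, alert, emerg)
#   daemon.=info  matches severity info only
# A single @ forwards over UDP, @@ forwards over TCP. Neither form is
# encrypted or authenticated on its own, so keep the traffic on a
# trusted management network.
daemon.=info    @@192.0.2.10:514

# Exclude the forwarded lines from the local file so access-log volume
# does not fill /var/log/messages. "daemon.!=info" removes exactly the
# info severity of the daemon facility from the preceding "*.info".
# In traditional syslog syntax the leading "-" means the file is not
# synced to disk after every write; without it each line forces a sync.
*.info;daemon.!=info;mail.none;authpriv.none;cron.none    -/var/log/messages
```

Restart the rsyslog service after editing the file so the new selectors are loaded.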