
Elasticsearch and grok filter

Hello,

I would like to import our McAfee Web Gateway Proxy Logs into Elasticsearch. In order to import the logs I need to use Logstash, and to separate the different log fields I need to use grok.

Even though I am skilled with regex, I have big problems writing the grok command.

Has anyone written a filter for the McAfee Proxy Logs before and is willing to provide me with this information?

BR Marcus

1 Reply
McAfee Employee jscholte

Re: Elasticsearch and grok filter

Hi Marcus,

Would this github repo help (specifically the json file)?

GitHub - Jerrison777/Graylog-MWG-Contentpack: Collecting Syslog Ouput from McAfee Web Gateway 7.5

Best Regards,

Jon
