I would like to import our McAfee Web Gateway Proxy Logs into Elasticsearch. In order to import the logs I need to use Logstash, and to separate the different log fields I need to use grok.
Even though I am skilled with regex, I have big problems writing the grok command.
Has anyone written a filter for the McAfee Proxy Logs before and is willing to provide me with this information?
Would this GitHub repo help (specifically the JSON file)?
GitHub - Jerrison777/Graylog-MWG-Contentpack: Collecting Syslog Ouput from McAfee Web Gateway 7.5