prasanthpavan
McAfee Employee
Message 1 of 3

Email Notification for rule set changes in Web Gateway

Hi,

I have a McAfee Web Gateway running 7.6.2.10.0. I want to trigger an email notification to a few users whenever an administrator makes any changes to the rule sets.

Is this possible? Please help.

Regards,

PRASANTH.

2 Replies
jscholte
McAfee Employee
Message 2 of 3

Re: Email Notification for rule set changes in Web Gateway

Hi Prasanth,

It is possible to notify when someone hits save changes, but we cannot distinguish between a ruleset change and a configuration change.

If you follow this guide it will help you set up a general notifications ruleset in the Error Handler:

The incident ID for saving changes is 1710, a failed save changes is 1711.

Let me know if that helps.

Best Regards,

Jon

jacek
Reliable Contributor
Message 3 of 3

Re: Email Notification for rule set changes in Web Gateway

I wrote a shell script which is run by cron before midnight.

All audit actions are in file: /opt/mwg/log/audit/audit.log

/bin/awk 'BEGIN{ACTION="";CONTENT=""}{if ($0 ~ /^__/) {if(ACTION!="") print CONTENT; ACTION=""; CONTENT=""}; if($1=="Action" && $3 ~ /^(ADDED|DELETED|MODIFIED|MOVED)_/){ACTION=$3}; CONTENT=CONTENT "\n" $0}' /opt/mwg/log/audit/audit.log

What does this command do?

It looks for lines starting with __ (the separator between audit log entries).

It also looks for lines that begin with Action and have a third field starting with ADDED_, DELETED_, MODIFIED_ or MOVED_; if one is found, that field is saved to the ACTION variable.

All content (between __ lines) is temporarily saved to the CONTENT variable.

If ACTION matched and the entry separator __ is reached, CONTENT is printed to the console.

The result can be saved to a file, sent with syslog, or sent by email (I use netcat to do this).
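
An incremental variant of the filter in the post above, as an added example that is not part of the original thread: it remembers how many bytes of the audit log it has already processed, so a cron job reports each change once, and it also flushes a final entry that has no trailing separator. The function names, the state file and the sample log fields other than `Action` are assumptions; only the `__` separator and the `Action` line layout come from the post.

```shell
#!/bin/sh
# Added example (not from the thread). Only the "__" separator and the
# "Action <sep> VERB_..." line come from the post; the rest is assumed.

# Pass through only entries whose Action value starts with a change verb.
filter_changes() {
    awk '
        /^__/ { if (action != "") printf "%s", content; action = ""; content = "" }
        $1 == "Action" && $3 ~ /^(ADDED|DELETED|MODIFIED|MOVED)_/ { action = $3 }
        { content = content $0 "\n" }
        END { if (action != "") printf "%s", content }
    '
}

# report_new LOG STATE: print change entries appended to LOG since the
# previous run, then record the byte offset that was processed in STATE.
report_new() {
    log=$1; state=$2; last=0
    size=$(wc -c < "$log" | tr -d ' ')
    if [ -r "$state" ]; then last=$(cat "$state"); fi
    case $last in ''|*[!0-9]*) last=0 ;; esac    # unusable state: start over
    if [ "$last" -gt "$size" ]; then last=0; fi   # log rotated or truncated
    # head -c stops at the recorded size, so bytes written while this
    # runs are left for the next run instead of being reported twice.
    tail -c "+$((last + 1))" "$log" | head -c "$((size - last))" | filter_changes
    echo "$size" > "$state"
}

# Constructed sample log: field names other than Action are illustrative.
demo() {
    dir=$(mktemp -d); log=$dir/audit.log; state=$dir/offset
    printf '%s\n' '__________' 'User : admin' 'Action : LOGIN_OK' \
        '__________' 'User : admin' 'Action : MODIFIED_RULESET' > "$log"
    echo "first run:";  report_new "$log" "$state"
    printf '%s\n' '__________' 'User : bob' 'Action : DELETED_RULE' >> "$log"
    echo "second run:"; report_new "$log" "$state"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

The output of `report_new` is empty when nothing changed, so the caller can skip sending a notification in that case.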
