Hello,

Does this work with a log source of McAfee SaaS Web Protection Service? I have followed your guide and this works great with a web gateway and CSR Log source of McAfee Web Gateway 7.x but nothing is populated in User-Defined 1 when using the WGCS log source. 

Can you confirm it works with MGCS and that custom fields in Access.log log handler are used in WGCS.

It will not work with automated log pull from WGCS with any CSR version up to and including current 2.6. The reason is the process name information is not currently part of the standard CSR schema. That's also why you need to use User-Defined field with MWG. CSR 2.6 also pulls version 4 from the WGCS API and process name is only available in version 5 and later logs. So you could write a script to download version 5 and put the downloaded file in a repository that CSR can pull from and then define a user defined field for the import in the file based log source.

Link to example powershell script you could run on CSR or other Windows

https://community.mcafee.com/t5/Documents/Web-Gateway-Cloud-Service-Cloud-Log-Puller-for-Windows/ta-...

Link to example bash script you could run on MWG or other Linux:

https://community.mcafee.com/t5/Web-Gateway/Example-Bash-Script-for-Log-Pull-from-Web-Gateway-Cloud-...

Thanks! Invaluable information!

Do we know if a future version of CSR will support WGCS Reporting API v5?

I tried to find the property in our configuration 7.7.2.19 but I don't find it?

I think you made a mistake. In your example xml file the version is 7.8.2... so I expect this property was new in 7.8.2 instead of 7.7.2

Thanks, I believe you are correct. I couldn't find the appropriate reference guides or anything in the release notes so I edited above to reflect 7.8.2 because I know its there for sure. I will do some more investigation and if its available in an earlier release, I will update again.