cancel
Showing results for 
Search instead for 
Did you mean: 
wajeeh_r
Level 9

If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

Dear All,

I've two devices operating as mgmt cluster so from doing change in one gateway it is also propagated to 2nd gateway. Before they were operating as standalone and I configured two log sources in the reporter. Now as they are in mgmt cluster if in gateway interface I go to Policy > Settings > file system logging > Access log configuration > expand 'settings for rotation, pushing and deletion'

See attached screen shot, so how to access second gateway log source ? OR it will be ONLY one source now ? because of mgmt cluster ?

When the devices were operating individually I configured two log sources in reporter, buw now I see in reporter only one log source is reporting i.e. attached one. Please clarify how to configure log source for 2nd device or not needed.

thanks,

Wajeeh

0 Kudos
1 Solution

Accepted Solutions
andyclements
Level 12

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

You can use "%h" as the user name on MWG, and create a log source for each web gateway on the web reporter, each using a MWG hostname as the user name. The %h will be translated into the appliance hostname during the push.

See https://kc.mcafee.com/corporate/index?page=content&id=KB76899 for more details and setup instructions.

0 Kudos
12 Replies
andyclements
Level 12

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

You can use "%h" as the user name on MWG, and create a log source for each web gateway on the web reporter, each using a MWG hostname as the user name. The %h will be translated into the appliance hostname during the push.

See https://kc.mcafee.com/corporate/index?page=content&id=KB76899 for more details and setup instructions.

0 Kudos
wajeeh_r
Level 9

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

Hello Andy,

the web link you provided is not opening with me, is it working with you ? Please let me know

When ever I click the link, I get below message:

You do not have access to this page

Please double check the URL or bookmark.
You will be redirected to the ServerPortal Home page in 10 seconds. If your page does not automatically refresh, please follow the link below:

although I've support account with McAfee, any ideas ?

0 Kudos
andyclements
Level 12

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

Looks like the forum is mangling the link.  Try copying and pasting the text displayed. I only have my phone at the moment, otherwise I would fix the link it tries to use. Basically make sure the ampersand is in the link properly, not using the html escaping.

0 Kudos
wajeeh_r
Level 9

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

Thanks for your response, later 'malware-alerts' provided with same link and it worked. I just only got chance today to do the change in MWG servers as given in that link, now I will monitor how it goes, it reads two log sources or not.

I will post back with update.

thanks guys.

Regards,

0 Kudos
malware-alerts
Level 10

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution
0 Kudos
wajeeh_r
Level 9

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

Hello Guys,

1_mwg_access_log.jpg

Since yesterday after I changed the settings as below in MWG, then today I checked in reporter, Administration> setup > Log sources> Jobs, I don't see any log processing jobs, any advise to trouble shoot this ? Till yesterday it was showing log processing for LogSource from MWG1 before making change but today nothing.

0 Kudos
malware-alerts
Level 10

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

In the "Troubleshooting" section of MWG:

  • Select "Log Files" from the left pane
  • Select "Debug" from the right pane (where all the folders are)
  • Look for the file "mwg-logmanager.out.log'"

This will give you somewhere to start your troubleshooting.

0 Kudos
wajeeh_r
Level 9

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

On the dashboard of MWG's I am getting error saying can not push /opt/mwg/log/user-defined-logs/access(filenumber) to https://10.1.99.46:9112/logloader

this message is same for MWG1 and MWG2

Yes, I configured usernames for the log soruces on web reporter to match host names of web gateways, any suggestions ?

0 Kudos
malware-alerts
Level 10

Re: If gateway operating in management cluster, Still two log sources to reporter?

Jump to solution

I'd start with a reset of the user's passwords just in case.

0 Kudos