cancel
Showing results for 
Search instead for 
Did you mean: 

MWG 7.6.2 log problem

Jump to solution

Hello all,

I have a big logging problem.

The MWG does the logging, BUT i have no value, therefore i have nothing in the      Troubleshooting / log files / "access.log"

- Log Handler setting are default.

- Rules are default.

- Access_denied.log works fine! (uses the similar default settings, so i don't know why not working the "normal" access.log)

Uploaded screenshots, to help you identify my problem.

Thanks!

Problem: NO VALUE

problem.PNG

No value means NOTHING in the log. (problem warning: file low size)

My main problem:

problem3.PNG

Settings are default in:

- Log Handler

- Rule Sets

- etc..

problem2.PNG

Thanks for helping me.

1 Solution

Accepted Solutions
Highlighted
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: MWG 7.6.2 log problem

Jump to solution

Hi Flora,

You're writing the log data to a different property than whats going to the log file.

You're writing the log data to User-Defined.X-Incident-Appliance-Name, but your writing User-Defined.logline to the actual log file.

Change the "set" to User-Defined.logline instead of  User-Defined.X-Incident-Appliance-Name.


Best Regards,

Jon

4 Replies
Highlighted
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: MWG 7.6.2 log problem

Jump to solution

Hi Flora,

You're writing the log data to a different property than whats going to the log file.

You're writing the log data to User-Defined.X-Incident-Appliance-Name, but your writing User-Defined.logline to the actual log file.

Change the "set" to User-Defined.logline instead of  User-Defined.X-Incident-Appliance-Name.


Best Regards,

Jon

Re: MWG 7.6.2 log problem

Jump to solution

Thank you Jon. I made the change.

When i made it, there was 3 inconsistent error. I had to delete 3 lines in the "Event" to make it work.

Why i had to delete these 3 in order to make it work (the edit finish button was grayed out)  ??

List.OfCategory.ToString (URL.Categories)

String.ReplaceIfEquals (URL.ReputationString)

List.OfString.ToString (Antimalware,. VirusName)

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: MWG 7.6.2 log problem

Jump to solution

Hi Flora,

You shouldnt have had to delete those items in the event. Perhaps you just needed to reference settings for those?

You can reference "Most recently used setting".

I would suggest importing the access log ruleset in from the library again as your logging will be missing critical information without those things.

Best Regards,

Jon

Re: MWG 7.6.2 log problem

Jump to solution

Thats a good idea, i should have thought about it...

Thank you.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center