cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 3

McAfee CSR parser errors, what log header to use for syslog?

Jump to solution

Hi,

I am trying to send McAfeeWeb Gateway access.log to CSR over Syslog.

CSR version: 2.7

Attachec Error Messages

I don't find any document about the correct log header to use.

Please help!

Thanks

 
1 Solution

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: McAfee CSR parser errors, what log header to use for syslog?

Jump to solution

Hi @uchiha 

 

the log header is configured in default log handler for Access.log if you follow for example this article:

https://kc.mcafee.com/corporate/index?page=content&id=KB77988

 

UI > Policy > Settings > Access Log Configuration

 

 

 

Header:

time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client bytes_from_client "user_agent" "virus_name" "block_res" "application_name"

 

 

Best Regards,
Sergej


If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

2 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: McAfee CSR parser errors, what log header to use for syslog?

Jump to solution

Hi @uchiha 

 

the log header is configured in default log handler for Access.log if you follow for example this article:

https://kc.mcafee.com/corporate/index?page=content&id=KB77988

 

UI > Policy > Settings > Access Log Configuration

 

 

 

Header:

time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client bytes_from_client "user_agent" "virus_name" "block_res" "application_name"

 

 

Best Regards,
Sergej


If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: McAfee CSR parser errors, what log header to use for syslog?

Jump to solution

Hello @uchiha 

 

2021-01-09 19:34:15,566 WARN  [com.mcafee.mesa.logparsing.parsers.builtins.ParseWebWasher] 
Missing URL field. Log format line invalid. (line=
#time_stamp url_host auth_user src_ip status_code req_line categories rep_level
media_type bytes_to_client user_agent virus_name block_res url_raw
)

 you have to check not only the header line but also the actual log structure (UI > Policy > Log Handler > Default > access.log ) which have to correspond with the header line. 

Post here screenshots of your access log configuration and access log structure

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community