cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee Webgateway - send VRRP events to Syslog Server

Hi, is it possible to sent vrrp events to a remote syslog server (splunk)? Right now we are not aware of any vrrp changes if we do not check the system/messages log.. Would it be possible to send the content of the "messages" file via syslog? 

Thanks in advance

0 Kudos
3 Replies
McAfee Employee

Re: McAfee Webgateway - send VRRP events to Syslog Server

Hi Renata,

If it's in /var/log/messages that means the message passed through the syslog daemon, so I would assume it's possible.

Did you try configuring a syslog rule like *.* @splunk ?

Best Regards,

Jon

0 Kudos

Re: McAfee Webgateway - send VRRP events to Syslog Server

Hi Jon, sorry for the delayed answer.. I configured daemon.info @splunkIP:514 but still do not get any logs into the siem
furthermore I found this entry in message log: kernel: Kernel logging (proc) stopped.

If I configure *.* @splunkIP , wouldn't the proxy send all kind of logs to the siem?

Thanks very much in advance

0 Kudos

Re: McAfee Webgateway - send VRRP events to Syslog Server

I've configured *.*... and this is what I see in our SIEM:this is not the message log

0 Kudos