cancel
Showing results for 
Search instead for 
Did you mean: 
idreeskm
Level 7

Mcafee Web Gateway -- sending Audit Log to Splunk server

Greetings everyone, any body has an Idea how to send the Audit Log of Mcafee Web gateway Version 7.5 to the Splunk server. your help is appreciated.

Thanks.

Regards,

0 Kudos
3 Replies
sbrinkhoff
Level 7

Re: Mcafee Web Gateway -- sending Audit Log to Splunk server

Just install the Splunk Universal Forwarder on the Appliance or Virtual Machine, it works like a charm

0 Kudos
idreeskm
Level 7

Re: Mcafee Web Gateway -- sending Audit Log to Splunk server

Greetings, thanks a lot for your reply and your time, we already have a splunk environment set up, and we have info logs and user usage already passing to splunk from Mcafee Web Gateway, but what I need is sending Audit log as well to splunk, what configuration I have to do from the Mcafee Web Gateway rsyslog.conf, thanks again for your reply.

Regards,

0 Kudos
sbrinkhoff
Level 7

Re: Mcafee Web Gateway -- sending Audit Log to Splunk server

Trust me, there are so many advantages in using the splunk universal forwarder, you do want to have them!

* It buffers the logs in times you need to update/Reboot the splunk server so you do not loose any log lines

* It compresses and encrypts the data transfered to your splunk server

* you can install splunk on splunk to have nice overview of your hardware

* + + +

0 Kudos