I want to send the log files from the webgateway to a QRadar SIEM.
According to the IBM way of doing things (as described in the QRadar DSM guide), there is a file (log_handlers-1.1.tar.gz) which should be used:
"Importing the Syslog Log Handler

About this task
To Import a policy rule set for the syslog handler:

Procedure
1. From the support website, download the following compressed file: log_handlers-1.1.tar.gz
2. Extract the file.

The extract file provides XML files that are version dependent to your McAfee Web Gateway appliance."
Do you know where I can find that file?
At this moment the incoming logs are not recognized in QRadar.