Hi Everyone,

MWG v 7.3

1. Where can we find logs showing whether MWG has failed or succeeded in sending syslog to the SIEM server?

2. Does MWG save the generated syslog to a file? Where is it located?

It would be great if you could share with us how to monitor / troubleshoot syslog entries generated by MWG.


Follow-up question for you for verification... @@[IP address] - is for TCP

while [IP address] - is for UDP, is this correct?

What is the recommended protocol to use?


1) When I set up syslog to SIEM, I saw errors in the Log Files > MWG Errors > mwg.core.errors.log

There were entries such as

[2013-01-17 09:01:05.764 +00:00] [NotificationPlugin] [SyslogError] Dropping syslog entry because queue is full.

NB: to fix this, I restarted the rsyslog service on the MWG.

2) Depends on your conf file. If you log in via WinSCP or SSH you can see some logs like cron /messages in /var/log

3) Syslog is best supported over UDP. Be sure to fully research whether your SIEM supports syslog over TCP.

Here are some sites I found useful.

Finally there are loads of posts on this topic if you search for siem

Hope this helps :-)
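As an added example (not part of the original posts, and not McAfee's own tooling), the script below counts the "queue is full" drops quoted in the answer above so they can be watched from cron or a monitoring check. The function names are hypothetical, and the on-disk path of mwg.core.errors.log is passed as an argument because the thread gives only its location in the UI.

```shell
#!/bin/sh
# Added example: summarise dropped-syslog errors in an MWG error log.
# The line layout is taken from the entry quoted in the post; every
# function name here is hypothetical.
DROP_MSG='[SyslogError] Dropping syslog entry because queue is full'

# syslog_drops_total FILE -> prints the number of dropped-entry errors
syslog_drops_total() {
    awk -v msg="$DROP_MSG" 'index($0, msg) { n++ } END { print n + 0 }' "$1"
}

# syslog_drops_per_hour FILE -> prints "YYYY-MM-DD HH:00 count", sorted
syslog_drops_per_hour() {
    awk -v msg="$DROP_MSG" '
        index($0, msg) {
            day  = substr($1, 2)      # "[2013-01-17" -> "2013-01-17"
            hour = substr($2, 1, 2)   # "09:01:05.764" -> "09"
            drops[day " " hour ":00"]++
        }
        END { for (k in drops) print k, drops[k] }
    ' "$1" | sort
}

# check_syslog_drops FILE MAX -> exit status 0 if total <= MAX, else 1
check_syslog_drops() {
    total=$(syslog_drops_total "$1")
    [ "$total" -le "$2" ]
}

# write_sample_log FILE -> constructed sample input (first line is the
# entry quoted in the post; the remaining lines are made up for the demo)
write_sample_log() {
    cat > "$1" <<'EOF'
[2013-01-17 09:01:05.764 +00:00] [NotificationPlugin] [SyslogError] Dropping syslog entry because queue is full.
[2013-01-17 09:01:06.120 +00:00] [NotificationPlugin] [SyslogError] Dropping syslog entry because queue is full.
[2013-01-17 09:15:42.001 +00:00] [Core] [ConstructedOther] Unrelated constructed entry.
[2013-01-17 10:03:11.500 +00:00] [NotificationPlugin] [SyslogError] Dropping syslog entry because queue is full.
EOF
}

# Demo on the constructed sample
sample=$(mktemp)
write_sample_log "$sample"
syslog_drops_per_hour "$sample"
rm -f "$sample"
```

A non-zero drop count means events never reached the SIEM, so the gap should be treated as missing telemetry rather than as a quiet period.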

