How we can send audit log of McAfee Web Gateway 7.6 to SIEM with syslog, currently syslog sending only access log to SIEM.
Depending on your exact version of 7.6 (I want to say it was introduced in 220.127.116.11), you can enable sending audit logs to syslog directly within the appliance. This will send to local syslog, but then you can enable forwarding within the rsyslog.conf file for the appliances.
Sending audit logs to syslog
Forwarding to a remote syslog server (e.g. SIEM or any other log handler):
For syslog over UDP:
:msg, contains, "WebGateway" @x.x.x.x:514
For syslog over TCP:
:msg, contains, "WebGateway" @@x.x.x.x:514