Regis
Level 12
Message 11 of 15

Re: Web Gateway and Nitro SIEM


As a MWG customer who's just implemented Nitro -- one customization that I find enormously useful in our access.log files that the defaults miss out on is the inclusion of the remote server IP address and HTTP referrer.

I'm curious how the MWG and Nitro teams interact and where to most effectively suggest the PER that the log grokking migrate in a direction that these get included by default.

When you're chasing down network forensics to see how a host stumbled onto some nastiness, in the days of fast flux DNS and botnets using large numbers of fast flux domains, if you're logging what the IP resolved to at the moment the request was made, you're missing stuff. :-)
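An added illustration of the forensic use described in the post above; it is not part of the original post and not McAfee's ruleset. It assumes a hypothetical comma-separated log layout (time, client IP, URL host, destination server IP, referrer) with constructed sample lines, groups the logged destination IPs per host to surface fast-flux candidates, then lists the referrers that led clients there.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. The field layout (time, client IP, URL host,
# destination server IP, referrer) is an assumption for this example and is
# not the MWG default access.log format.
SAMPLE_LOG = """\
2014-06-17T10:00:01,10.1.1.20,cdn.example.net,203.0.113.10,http://portal.example.org/
2014-06-17T10:00:02,10.1.1.20,a1.flux.example,198.51.100.7,http://cdn.example.net/ad.js
2014-06-17T10:04:40,10.1.1.31,a1.flux.example,198.51.100.99,http://cdn.example.net/ad.js
2014-06-17T10:09:13,10.1.1.20,a1.flux.example,192.0.2.45,-
2014-06-17T10:15:00,10.1.1.31,cdn.example.net,203.0.113.10,-
"""

FIELDS = ["time", "client", "host", "dest_ip", "referrer"]


def parse(log_text):
    """Parse the constructed CSV-style log into a list of dicts."""
    return list(csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS))


def flux_candidates(rows, min_ips=3):
    """Return {host: sorted dest IPs} for hosts seen on >= min_ips addresses."""
    ips = defaultdict(set)
    for row in rows:
        ips[row["host"]].add(row["dest_ip"])
    return {h: sorted(s) for h, s in ips.items() if len(s) >= min_ips}


def referrer_chain(rows, host):
    """Return (time, client, dest_ip, referrer) for each request to host."""
    return [(r["time"], r["client"], r["dest_ip"], r["referrer"])
            for r in rows if r["host"] == host]


if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    for host, addrs in flux_candidates(rows).items():
        print(host, "was served from", addrs)
        for hit in referrer_chain(rows, host):
            print("  ", hit)
```

Because the destination IP is captured per request, the analysis does not depend on re-resolving the domain later, when the answer may already have changed.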

McAfee Employee jscholte
McAfee Employee
Message 12 of 15

Re: Web Gateway and Nitro SIEM


The latest and greatest version of the McAfee SIEM/Nitro logging ruleset is available in the Content Security portal:

https://contentsecurity.mcafee.com/ruleset_library?q=siem

It was last updated April 4 2014. This thread is very old...

For a full best practice see the link below (but be sure to use the ruleset from the online ruleset library):

https://community.mcafee.com/docs/DOC-5206

Best,

Jon

Message was edited by: jscholte on 6/17/14 10:32:08 AM CDT
danhnt
Level 7
Message 13 of 15

Re: Web Gateway and Nitro SIEM


Hi All,

I have an issue. I would like to set up MWG to send syslog with only level 3 (Alert), compliant with PCI-DSS. I have just configured it as in the screenshots below, but it is still receiving much other log info. Does anyone have an idea for this? Many thanks for your comments.

[Screenshots: ImageCapture_0193.png, ImageCapture_0192.png]

smalldog
Level 12
Message 14 of 15

Re: Web Gateway and Nitro SIEM


Dear all,

I have the same problems. Do you have any ideas for this? So I can configure just some logs that comply with PCI DSS.

Thanks,

Smalldog


Re: Web Gateway and Nitro SIEM


It's a long shot but hoping someone could help!

I've configured as per the above to log from the MWG to the McAfee SIEM.

Working pretty good except for the fact that the "BytesFromClient" and "BytesTo Client" both record as "0" for all entries.

Anyone come across this before?
