Message 11 of 15

Re: Web Gateway and Nitro SIEM

As a MWG customer who's just implemented Nitro -- one customization that I find enormously useful in our access.log files that the defaults miss out on is the inclusion of remote server IP address and HTTP referrer.

I'm curious how the MWG and Nitro teams interact and where to most effectively suggest the PER that the log grokking migrate in a direction that these get included by default.

When you're chasing down network forensics to see how a host stumbled onto some nastiness, in the days of fast flux DNS and botnets using large numbers of fast flux domains, if you're logging what the IP resolved to at the moment the request was made, you're missing stuff. 🙂
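
Added example (not part of the original post and not McAfee's code): with the remote server IP and referrer logged per request, as the post above recommends, the access log can show which hosts were served from several addresses and which referrers led a client there. The five-field line layout, host names and addresses are constructed for illustration and are not MWG's actual access.log format.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (assumed layout, not MWG's real access.log):
# timestamp, client IP, requested host, remote server IP, referrer ("-" if none)
SAMPLE_LOG = """\
2014-06-17T10:01:02 10.0.0.5 news.example.com 198.51.100.10 -
2014-06-17T10:01:05 10.0.0.5 ads.example.net 198.51.100.20 http://news.example.com/story
2014-06-17T10:01:06 10.0.0.5 flux.example.org 203.0.113.7 http://ads.example.net/banner
2014-06-17T10:03:40 10.0.0.9 flux.example.org 203.0.113.91 http://ads.example.net/banner
2014-06-17T10:07:12 10.0.0.7 flux.example.org 192.0.2.44 -
2014-06-17T10:09:30 10.0.0.9 news.example.com 198.51.100.10 -
"""

def parse(text):
    """Return one dict per well-formed line; blank or short lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, host, server_ip, referrer = parts
        records.append({"ts": ts, "client": client, "host": host,
                        "server_ip": server_ip,
                        "referrer": None if referrer == "-" else referrer})
    return records

def hosts_with_many_ips(records, min_ips=3):
    """Map host -> sorted server IPs for hosts served from >= min_ips addresses."""
    seen = defaultdict(set)
    for r in records:
        seen[r["host"]].add(r["server_ip"])
    return {h: sorted(ips) for h, ips in seen.items() if len(ips) >= min_ips}

def referrer_chain(records, client, host):
    """Follow referrers backwards from one client's first request to host."""
    first = {}
    for r in records:
        if r["client"] == client:
            first.setdefault(r["host"], r)  # keep the first request per host
    chain, current = [], host
    while current in first and current not in chain:  # stop on gaps and loops
        chain.append(current)
        ref = first[current]["referrer"]
        if ref is None:
            break
        current = urlsplit(ref).hostname
    return chain
```
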

jscholte McAfee Employee
Message 12 of 15

Re: Web Gateway and Nitro SIEM

The latest and greatest version of the McAfee SIEM/Nitro logging ruleset is available in the Content Security portal:

It was last updated April 4 2014. This thread is very old...

For a full best practice see the link below (but be sure to use the ruleset from the online ruleset library):



Message was edited by: jscholte on 6/17/14 10:32:08 AM CDT
Message 13 of 15

Re: Web Gateway and Nitro SIEM

Hi All,

I have an issue. I would like to set up MWG to send syslog with only level 3 (Alert), compliant with PCI-DSS. I have just configured it as in the screenshot below, but it is still receiving many other log info. Does anyone have an idea for this? Many thanks for your comments.



Message 14 of 15

Re: Web Gateway and Nitro SIEM

Dear all,

I have the same problems. Do you have any ideas for this? So I can configure just some logs that comply with PCI DSS.



Re: Web Gateway and Nitro SIEM

It's a long shot but hoping someone could help!

I've configured as per the above to log from the MWG to the McAfee SIEM.

Working pretty good except for the fact that the "BytesFromClient" and "BytesToClient" both record as "0" for all entries.

Anyone come across this before?
