3 Replies Latest reply on Aug 28, 2012 1:02 PM by Jon Scholten

    Configure syslog on MWG 6.9.1


      Hi Guys,


      I need send MWG's logs to a syslog server (UDP 514) but i don't know how to do it. Can you help me with this?. I opened a case in McAfee Support (3-2375677251) and the engineer told me that the MWG 6.9.1 doesn't support syslog.





        • 1. Re: Configure syslog on MWG 6.9.1



          syslog is very limited on 6.9.1. What information would you like to log via syslog?




          • 2. Re: Configure syslog on MWG 6.9.1

            Hi Andre,


            I need to send the logs to a Event Correlator, so i need to send all level of information that the MWG can.







            • 3. Re: Configure syslog on MWG 6.9.1
              Jon Scholten

              Hi Alek,


              Sending log data over syslog with MWG 6.9 is not easy, and is not recommended.


              In MWG 6 it would require that you configure a custom action for every setting in the GUI. So wherever you have a "block", you need to specify a new "block and syslog -- custom" action. Wherever you have an "allow" event, you need to configure an "allow and syslog custom" action. So you will need to look in every spot for every policy in the GUI to do this, its not easy.


              In contrast MWG 7, would simply require two changes.

              1) create the syslog event in the logging cycle (i.e. what data do you want sent to the syslog server)

              2) tell mwg where to send the data


              Hope this helps,