3 Replies Latest reply on Aug 28, 2012 1:02 PM by Jon Scholten

    Configure syslog on MWG 6.9.1

    agil

      Hi Guys,

       

      I need send MWG's logs to a syslog server (UDP 514) but i don't know how to do it. Can you help me with this?. I opened a case in McAfee Support (3-2375677251) and the engineer told me that the MWG 6.9.1 doesn't support syslog.

       

      Thanks,

       

      Alek

        • 1. Re: Configure syslog on MWG 6.9.1
          asabban

          Hello,

           

          syslog is very limited on 6.9.1. What information would you like to log via syslog?

           

          Best,

          Andre

          • 2. Re: Configure syslog on MWG 6.9.1
            agil

            Hi Andre,

             

            I need to send the logs to a Event Correlator, so i need to send all level of information that the MWG can.

             

            Thanks

             

            Regards

             

            Alek

            • 3. Re: Configure syslog on MWG 6.9.1
              Jon Scholten

              Hi Alek,

               

              Sending log data over syslog with MWG 6.9 is not easy, and is not recommended.

               

              In MWG 6 it would require that you configure a custom action for every setting in the GUI. So wherever you have a "block", you need to specify a new "block and syslog -- custom" action. Wherever you have an "allow" event, you need to configure an "allow and syslog custom" action. So you will need to look in every spot for every policy in the GUI to do this, its not easy.

               

              In contrast MWG 7, would simply require two changes.

              1) create the syslog event in the logging cycle (i.e. what data do you want sent to the syslog server)

              2) tell mwg where to send the data

               

              Hope this helps,

              Jon