I misread your original email. I thought you already had the rule in the access log, but that was a previous screenshot.
Go into the Log handler Rule and add a new rule to the end of the access log:
Then make the changes to rsyslog.conf as described in the previous message.
This will syslog our default access log format to SSIM; however, we have no idea if that format is acceptable to that product and if it will parse properly.
Thank you very much for explaining this to me in detail. I am very grateful to you.
This works for me, and now we are able to receive the access logs of MWG at the SIEM tool.
It's great to have a wonderful friend like you here.
You are welcome. I am happy to help.
I need your help again. Can this MWG version 7 forward logs to the McAfee EPO server? If yes, can you please let me know the procedure for doing so, in steps?
Waiting for your update on this thread at the earliest...
MWG does not send logs directly to ePO. It can send some basic statistics and a few other integrations with ePO, but not the logs directly.
You CAN send the logs to Content Security Reporter. CSR is the successor to Web Reporter.
CSR is a reporting tool that accepts logs, processes them into a database and allows the output to be viewed in ePO.
You need to create a CSR server and load the software, then connect it to ePO to generate dashboards, queries and reports.
Do we have any document regarding this, or any link or product document?
Do we have any option here in the MWG console to forward the access logs of MWG to the EPO server or the CSR server?
And do we have a DB for these MWG logs, so that I can create a user on the DB to read the logs, and the same user can be configured on the SIEM tool to capture the logs at the SIEM?
Can you please brief me about the EPO component and Content Security Reporter in MWG...