622 Views 3 Replies Latest reply: Feb 6, 2013 11:08 AM by itsec
itsec Apprentice 65 posts since
Oct 24, 2012

Feb 5, 2013 10:17 AM

Web Reporter & Multiple appliances

Hi,

I have a single MWG7.3 and WR5.2 in my environment and I'm now going to be adding more appliances. I've found references to the following documents for setting up WR with multiple appliances; however, FTP is disabled so I cannot check.

 

 

Are they all the same document? I've managed to download the doc in this post, which looks promising, but I want to be sure I have up-to-date info:

 

https://community.mcafee.com/message/234311#234311

 

Also, if I have configured SYSLOG to push to SIEM, do I also need to create additional log rules for each appliance here?

 

thanks

  • eelsasser McAfee SME 843 posts since
    Mar 24, 2010
    1. Feb 5, 2013 11:11 AM (in response to itsec)
    Re: Web Reporter & Multiple appliances

    This document is a little dated for 7.0.

    I'm not sure exactly which version this was added, but you don't need to do the same with current versions.

     

    If you have multiple machines in a central management cluster, you can use the %h variable on the Destination and Host Autopushing parameters to provide unique values per appliance's host name.

     

    So if I set up Web Reporter to accept incoming log files from 3 appliances: mwg7-1, mwg7-2 and mwg7-3, and those are the host names of each appliance, I can substitute %h for the username:

     

    Capture.png

     

    If I wanted to push the access log from each MWG to a different FTP directory, I would do something like this:

     

    Capture2.png

     

    You will need to make sure all the passwords are the same for each appliance because the shared configuration in a cluster gets replicated and the password cannot be substituted.

     

    As for Syslog, I don't know which SIEM you use, but most syslog servers identify the sources by the IP address of the sender. You may not need to have a separate log source in your case.

     

