1098 Views 3 Replies Latest reply: Sep 23, 2013 1:07 PM by prajoshgeorge RSS
prajoshgeorge Apprentice 66 posts since
May 9, 2012

Feb 20, 2013 9:01 AM

Audit Log via syslog

Hello,

How can I send the audit log via syslog to a SIEM? I am currently using MWG 7.3.0.2.

I saw the below discussion for rsyslogd.conf

https://community.mcafee.com/message/261146#261146

I used the example to get the audit logs.

 

I get the audit log entries but I get a single audit log entry in multiple lines. Is there any way to consolidate it into a single line or tag all the lines of the log entry with a unique ID so that the SIEM can identify them?

 

Thanks

 

Message was edited by: prajoshgeorge on 20/02/13 09:01:32 CST
  • Jon Scholten McAfee SME 853 posts since
    Nov 3, 2009
    1. Feb 21, 2013 9:49 AM (in response to prajoshgeorge)
    Re: Audit Log via syslog

    I'm not too sure how this could be done from the Web Gateway's syslog module; this would most likely have to be done on the other side (syslog server).

     

    Perhaps look for a string of lines with the _______________________________ representing a new audit log entry?

     

    Other than that, I don't think there is a way that I know of to control how the audit log writes its entries.

     

    Best,

    Jon
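
A sketch of the server-side approach suggested in the reply above, added here as an example and not part of the original thread or any McAfee tooling: it groups the lines between underscore separator lines into one line per audit entry and tags each with an ID. The BSD-style syslog prefix, the `mwg-audit` tag, the `entry_id` field name and the sample lines are all assumptions constructed for illustration.

```python
import hashlib
import re

# Assumption: a payload consisting only of a run of underscores starts a new entry.
SEPARATOR = re.compile(r"^_{10,}$")
# Assumption: lines arrive with a BSD syslog prefix "Mon DD HH:MM:SS host tag:".
PREFIX = re.compile(r"^(?P<hdr>\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ \S+?:) ?(?P<msg>.*)$")


def consolidate(lines):
    """Group the lines between separators and return one line per audit entry."""
    out, parts, hdr, seq = [], [], None, 0

    def flush():
        nonlocal parts, hdr, seq
        if parts:  # skip empty groups, e.g. two separators in a row
            seq += 1
            body = " | ".join(parts)
            digest = hashlib.sha256(body.encode("utf-8")).hexdigest()[:8]
            out.append(f"{hdr} entry_id={seq:06d}-{digest} {body}")
        parts, hdr = [], None

    for raw in lines:
        m = PREFIX.match(raw.rstrip("\n"))
        if not m:
            continue  # not a syslog line in the assumed format
        msg = m.group("msg").strip()
        if SEPARATOR.match(msg):
            flush()
        elif msg:
            hdr = hdr or m.group("hdr")  # keep the first line's timestamp and host
            parts.append(msg)
    flush()  # the last entry has no trailing separator
    return out


# Constructed sample input, not real Web Gateway output.
SAMPLE = [
    "Feb 20 09:01:30 mwg1 mwg-audit: _______________________________",
    "Feb 20 09:01:30 mwg1 mwg-audit: User: admin",
    "Feb 20 09:01:30 mwg1 mwg-audit: Action: login",
    "Feb 20 09:01:31 mwg1 mwg-audit: _______________________________",
    "Feb 20 09:01:31 mwg1 mwg-audit: User: admin",
    "Feb 20 09:01:31 mwg1 mwg-audit: Action: policy change",
    "Feb 20 09:01:31 mwg1 mwg-audit: Setting: URL Filter",
]

if __name__ == "__main__":
    for line in consolidate(SAMPLE):
        print(line)
```

The ID combines a sequence number with a hash of the entry text, so two identical entries still receive different IDs within one run.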
