I've followed quite a bit of the advice on this page in setting up my web gateway. This is a great community.
I'm using rsyslog to send data to my splunk instance. I've found, though, that rsyslog isn't particularly tolerant to network interruption, or failure of the listener on the splunk side, so I have a question.
I've installed a splunk universal forwarder on my test appliances and VMs, to make the relationship between MWG and splunk a bit more robust, and so far, I've not had any fallout.
Obviously, adding packages to the appliances is not something Mcafee is likely to support, but:
Has anyone else ever done this, and if so, how has it worked for you?