Just install the Splunk Universal Forwarder on the Appliance or Virtual Machine, it works like a charm
Greetings, thanks a lot for your reply and your time, we already have a splunk environment set up, and we have info logs and user usage already passing to splunk from Mcafee Web Gateway, but what I need is sending Audit log as well to splunk, what configuration I have to do from the Mcafee Web Gateway rsyslog.conf, thanks again for your reply.
Trust me, there are so many advantages in using the splunk universal forwarder, you do want to have them!
* It buffers the logs in times you need to update/Reboot the splunk server so you do not loose any log lines
* It compresses and encrypts the data transfered to your splunk server
* you can install splunk on splunk to have nice overview of your hardware
* + + +