Former Member
Message 1 of 11

McAfee Web Gateway ver. 7 to be integrated with SIEM tool (Symantec Security Information Manager).

Hi Experts,

I am trying to integrate McAfee Web Gateway ver. 7 with the Symantec Security Information Manager (SIEM tool), but I am not aware of how to successfully integrate it with SSIM.

I have followed up with McAfee Support but failed to do the same with their suggestions, and I do not have much hands-on experience with the MWG product either.

My goal is to capture the access logs of MWG in SSIM using syslog forwarding, or any other way to integrate the same with SSIM.

I will be very grateful to all of you guys for any kind of help on this.

Message was edited by: shahnawaz.kohati@gmail.com on 9/5/12 9:53:54 AM CDT

10 Replies
Former Member
Message 2 of 11

Hi,

Can anybody help me in creating this setting in the MWG console? I need detailed step-by-step information.

(highlighted in blue box).

Setting shud b like this.JPG

eelsasser
McAfee Retired
Message 3 of 11

The only thing you are missing is setting rsyslog.conf to forward the traffic to the IP of the syslog server.

Capture.jpg

eelsasser
McAfee Retired
Message 4 of 11

I misread your original email. I thought you already had the rule in the access log, but that was a previous screenshot.

Go into the Log handler Rule and add a new rule to the end of the access log:

Capture.jpg

Next

Capture2.jpg

Next

Capture3.jpg

Next

Capture4.jpg

Parameters button

Capture5.jpg

Parameter 2

Capture6.jpg

Save.

Then make the changes to rsyslog.conf as described in the previous message.

This will syslog our default access log format to SSIM; however, we have no idea if that format is acceptable to that product and if it will parse properly.

Accepted solution.
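An added example, not part of the thread or of McAfee's documentation: a Python check that reads an rsyslog.conf written in legacy selector syntax and reports whether it forwards to the SIEM collector and over which transport. The `daemon.info` selector, the collector address 192.0.2.10 and the function names are assumptions; use the facility and level that the syslog event in your Log Handler rule actually emits.

```python
import re

# Constructed rsyslog.conf excerpt in legacy selector syntax. The "daemon.info"
# selector and the collector address 192.0.2.10 are assumptions, not page values.
SAMPLE_CONF = """\
# keep the forwarded stream out of the local messages file
*.info;daemon.!=info;mail.none;authpriv.none;cron.none  -/var/log/messages
# forward gateway access-log lines to the SIEM collector over UDP
daemon.info    @192.0.2.10:514
"""

# "<selector> @host[:port]" forwards over UDP, "@@host[:port]" over TCP.
FORWARD_RE = re.compile(
    r"^(?P<sel>\S+)\s+(?P<at>@{1,2})(?P<host>[^\s:@]+)(?::(?P<port>\d+))?$")


def forwarding_rules(conf_text):
    """Return every active (uncommented) forwarding action in the file."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FORWARD_RE.match(line)
        if m:
            rules.append({
                "selector": m.group("sel"),
                "transport": "tcp" if m.group("at") == "@@" else "udp",
                "host": m.group("host"),
                "port": int(m.group("port") or 514),
            })
    return rules


def audit_forwarding(conf_text, collector):
    """List problems with the rules that forward to the given collector."""
    hits = [r for r in forwarding_rules(conf_text) if r["host"] == collector]
    if not hits:
        return ["no active rule forwards to %s" % collector]
    findings = []
    for r in hits:
        if r["transport"] == "udp":
            findings.append("%s -> %s:%d uses UDP: delivery is unacknowledged, "
                            "so dropped access-log lines go unnoticed"
                            % (r["selector"], r["host"], r["port"]))
    return findings


if __name__ == "__main__":
    for finding in audit_forwarding(SAMPLE_CONF, "192.0.2.10"):
        print(finding)
```

Either transport sends the access-log lines (user names, client IPs, URLs) in clear text, so keep the path between the gateway and the collector on a trusted management network.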

Former Member
Message 5 of 11

Dear eelsasser,

Thank you very much for explaining this to me in detail. I am very grateful to you.

This works for me and now we are able to receive the access logs of MWG at the SIEM tool.

It's great to have a wonderful friend like you here.

eelsasser
McAfee Retired
Message 6 of 11

You are welcome. I am happy to help.

Former Member
Message 7 of 11

Hi Eelsasser,

I need your help again. Can MWG version 7 forward logs to the McAfee ePO server? If yes, then can you please let me know the procedure for doing so, in steps?

Waiting for your update on this thread at the earliest...

eelsasser
McAfee Retired
Message 8 of 11

MWG does not send logs directly to ePO. It can send some basic statistics and a few other integrations with ePO, but not the logs directly.

You CAN send the logs to Content Security Reporter. CSR is the successor to Web Reporter.

CSR is a reporting tool that accepts logs, processes them into a database and allows the output to be viewed in ePO.

You need to create a CSR server and load the software, then connect it to ePO to generate dashboards, queries and reports.

Former Member
Message 9 of 11

Dear Eelsasser,

Do we have any document regarding this, or any link or product document?

Former Member
Message 10 of 11

Dear Eelsasser,

Do we have any option here in the MWG console to forward the access logs of MWG to the ePO server or the CSR server?

And do we have a DB for these MWG logs, so that I can create a user on the DB to read the logs, and the same user can be configured on the SIEM tool to capture the logs at the SIEM?

Can you please brief me about the ePO component and Content Security Reporter in MWG...
