McAfee Web Gateway
McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine.
Integration of McAfee Web Gateway with DNIF Adapter
To forward McAfee Web Gateway access logs to the DNIF Adapter
Log in to McAfee Web Gateway using web interface
Policy, Rule Sets, Log Handler.
Expand the appropriate
Log Handler and find the desired
logging rule that will also be used to log to syslog.
Log Handler is named
Access.log and the rule in this Log Handler is named Write access.log.
rule and click
On the Events section of the rule, click
Syslog (Number, String) and then click
For parameter 1.
Level (Number), enter the number 6 for the value. This indicates an
Informational level message.
For parameter 2.
Message (String), click the
Use Property button and select
OK, then click
OK again. In the Events section of the rule, you should now see Syslog
To forward McAfee Web Gateway audit logs to the DNIF Adapter
Audit logging is used to track changes made to the Web Gateway’s configuration, it also track’s login’s and logout’s.
To enable this feature check the box for
Write audit log to syslog
Configuration > Appliances > Log File Manager > Settings for the Audit Log > Write audit log to syslog.
Now that the
access log and audit log data is being recorded to syslog, modify the
File Editor tab.
Appliance Files and select the file
The file editor displays the
rsyslog.conf file for editing.
rsyslog.conf file to include the following information:
#Send MWG Access and Audit events daemon.info;auth.=info @DNIF-Adapter-IP:514 #Send all events *.* @DNIF-Adapter-IP:514
McAfee Web Gateway logs are now being streamed to the DNIF-ADAPTER.