McAfee Web Gateway
This article describes the steps to configure McAfee Web Gateway to send its logs to a syslog server.
- Configure the syslog daemon.
  - In File Editor, open the syslog daemon configuration file.
  - Locate the line similar to `*.info;mail.none;authpriv.none;cron.none /var/log/messages` and replace it with `*.info;daemon.!=info;mail.none;authpriv.none;cron.none -/var/log/messages`. This prevents the daemon.info messages from also being written to the /var/log/messages file, which could fill the /var partition.
  - At the end of the file, add the line `daemon.info;auth.=info @<syslog server IP address>:514`.
- Create a rule to send all access log data to the syslog server.
- Create a rule to send the logline to syslog.
- Download and install the McAfee SIEM (Nitro) logging ruleset and the CEF syslog format ruleset.
- If you want to send audit logs to syslog, click Configuration > Appliances > Log File Manager > Settings for the Audit Log and select Write audit log to syslog.
Audit events are sent using the auth facility at the informational severity (6), so your rsyslog configuration would specify `auth.=info`.
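To confirm that the syslog daemon edits described above were applied, the following added example (not McAfee or DNIF code) parses the configuration text and reports whether daemon.info is excluded from /var/log/messages and whether the access and audit selectors are forwarded. The function names and the sample server address 192.0.2.10 are assumptions made for illustration.

```python
import re

# Constructed sample: configuration fragment after the edits in the steps above.
# 192.0.2.10 is a documentation placeholder for the syslog server address.
SAMPLE_CONF = """\
*.info;daemon.!=info;mail.none;authpriv.none;cron.none -/var/log/messages
daemon.info;auth.=info @192.0.2.10:514
"""

# rsyslog forwarding action: a single '@' means UDP, '@@' means TCP.
FORWARD_RE = re.compile(r"^(@{1,2})(\[[^\]]+\]|[^:\s]+)(?::(\d+))?$")

def parse_rules(conf_text):
    """Yield (selectors, action) for each classic 'selector action' line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "$")):
            continue  # skip comments and legacy $directives
        parts = line.split(None, 1)
        if len(parts) == 2 and "." in parts[0]:
            yield parts[0].split(";"), parts[1].strip()

def check_mwg_syslog(conf_text):
    """Report on the three settings the configuration steps rely on."""
    result = {"local_excludes_daemon_info": False,
              "forwards_access_log": False,
              "forwards_audit_log": False,
              "targets": []}
    for selectors, action in parse_rules(conf_text):
        # A leading '-' on a file action only disables sync after each write.
        if action.lstrip("-") == "/var/log/messages":
            result["local_excludes_daemon_info"] = "daemon.!=info" in selectors
            continue
        m = FORWARD_RE.match(action)
        if not m:
            continue
        transport = "tcp" if m.group(1) == "@@" else "udp"
        result["targets"].append((transport, m.group(2), int(m.group(3) or 514)))
        result["forwards_access_log"] |= "daemon.info" in selectors
        result["forwards_audit_log"] |= "auth.=info" in selectors
    return result

if __name__ == "__main__":
    for key, value in check_mwg_syslog(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```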