Absent Member.
Absent Member.
1202 views

McAfee Web Gateway connector

Jump to solution


Hello,

Has anybody managed to collect  data from McAfee Web Gateway 7.3.1. I have tried the SmartConnector for McAfee Web Gateway but this seems to support up to 6.8 only. The data is parsed incorrectly and only appears in the message field.

Is a flexconnector a better option?

Thanks in advance.

Steve

Labels (2)
0 Likes
1 Solution

Accepted Solutions
Cadet 1st Class
Cadet 1st Class

It seems that starting MWG 7.x , Mcafee web gateway supports syslog in CEF format .

Steps to implement can be found at :

McAfee Communities: Best Practices: Configuring Syslog on Web Gateway 7.x

View solution in original post

0 Likes
5 Replies
Absent Member.
Absent Member.

Hi,

We have arcsight 4.5 version and also have same problem about parsing. All info is coming in a message and many of the fields are empty..I need a permanent solution.. I installed new smart connectors and took the McAfee logs on that connector, but still have the same problem.

Thanks.

Yusuf

0 Likes
Cadet 1st Class
Cadet 1st Class

It seems that starting MWG 7.x , Mcafee web gateway supports syslog in CEF format .

Steps to implement can be found at :

McAfee Communities: Best Practices: Configuring Syslog on Web Gateway 7.x

View solution in original post

0 Likes
Absent Member.
Absent Member.

Thanks - we finally revisited this, and it is now working well with the syslog connector

0 Likes
Absent Member.
Absent Member.

Hi Steven,

Can you please share me the steps to integrate the McAfee Webgateway connector to ArcSight.

1. How you push the logs from McAfee Web GT 7.3 to smart connector server. (Syslog push or FTP or any other)

2. Is there any supporting connector is available for McAfee web GT 7.3 version.

0 Likes
Commander
Commander

Hi Steven,


We are integrating mcafee webgateway 7.3 and foungd out that except virusfound logs none of the other logs are parsing.

Could you please let us know how did you manage to use syslog connector in this case.

It would be really helpful if you can share the details

Thank you,

Raghav

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.