
Sheriff CSM™

McAfee AntiSpam

When you configure McAfee AntiSpam to send log data to Sheriff CSM, you can use the McAfee AntiSpam plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device            Details
Vendor            McAfee
Device Type       Mail Security
Connection Type   Syslog
Data Source Name  mcafee-antiSpam
Data Source ID    1618

Integrating McAfee AntiSpam

Before you configure the McAfee AntiSpam integration, you must have the IP address of the Sheriff CSM Sensor (Deputy).

To configure McAfee AntiSpam to send Syslog messages to Sheriff CSM:
  1. Log in to the Appliance Management Console.
  2. Select System > Logging > Alerting and SNMP > System Log Settings.

  3. Click Enable system log events.

  4. Choose the CEF logging format.

  5. Select Off-box system log and then click Add Server.
  6. Add the Sheriff CSM Sensor server name and Port (the default is 514).

    Note: TCP is used as the transport mechanism for syslog because of the large amount of data that can be sent, which would exceed a UDP packet size.

  7. Click Apply Changes.
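
To confirm that what arrives at the sensor really is CEF (step 4) over TCP, the following added example, which is not part of Sheriff CSM or the McAfee product, splits a captured TCP stream into records and parses the CEF header and extension. It assumes newline-framed records; the sample stream, product name, signature IDs and field values are constructed for illustration.

```python
import re

# Constructed sample of one TCP stream: newline-framed syslog records. All values
# are illustrative, not real appliance output; the last record is not CEF.
SAMPLE_STREAM = (
    b"<13>Jun 29 10:15:02 mailgw01 CEF:0|McAfee|Example Gateway|1.0|100|"
    b"Spam \\| phish detected|5|src=192.0.2.10 suser=a@example.com msg=score\\=9.1 over limit\n"
    b"<13>Jun 29 10:15:03 mailgw01 CEF:0|McAfee|Example Gateway|1.0|200|Delivered|1|\n"
    b"<13>Jun 29 10:15:04 mailgw01 smtpd: plain text record\n"
)

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# Seven pipe-terminated header fields (a backslash escapes the next character),
# then the extension string.
CEF_RE = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)$")
# An extension value runs until the next " key=" token or the end of the record.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")


def unescape(value):
    """Undo CEF escaping of pipe, equals sign and backslash."""
    return re.sub(r"\\([\\|=])", r"\1", value)


def parse_cef(record):
    """Return the header and extension fields as a dict, or None if not CEF."""
    m = CEF_RE.search(record)
    if m is None:
        return None
    event = {k: unescape(v) for k, v in zip(HEADER, m.groups())}
    event["extension"] = {k: unescape(v) for k, v in EXT_RE.findall(m.group(8))}
    return event


def check_stream(stream):
    """Split newline-framed data; return (parsed events, non-CEF records)."""
    events, rejected = [], []
    for raw in stream.split(b"\n"):
        record = raw.decode("utf-8", "replace").strip()
        if record:
            event = parse_cef(record)
            (events if event else rejected).append(event or record)
    return events, rejected
```

Any record returned in the second list has no CEF payload, which usually means a different logging format is selected on the appliance.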

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.mcafee.com

For troubleshooting, see the vendor documentation.
Topic revision: r8 - 29 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.