Device | Details |
---|---|
Vendor | McAfee |
Device Type | Gateway |
Connection Type | Syslog |
Data Source Name | mcafee-mwg |
Data Source ID | 1699 |
To configure McAfee Web Gateway to send log data to Sheriff CSM, edit /etc/rsyslog.conf directly.
Look for a line similar to the following:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
Make sure that the syslog daemon does not write any messages coming from the daemon facility (McAfee Web Gateway) with the level "info" to the /var/log/messages file by replacing it with the following line:
*.info;daemon.!=info;mail.none;authpriv.none;cron.none -/var/log/messages
Important: This updated line ensures that the syslog daemon does not write any messages from the daemon facility (the McAfee Web Gateway) with info level to the /var/log/messages file. Capturing and writing "info" level messages generates a high volume of messages, which could overflow the /var partition.
Send the data to a syslog server using UDP by adding a line like the one below to the end of the file:
daemon.info @<Sheriff-CSM-Sensor-IP-Address>:514
Enable CEF format, as shown in the following figures.
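To confirm the two rsyslog.conf edits described above are in place, the following check can be run against the file. It is an added example, not part of the vendor or Sheriff CSM documentation; the function name check_mwg_rsyslog and the sample address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an rsyslog.conf for the two edits described above.
# Returns 0 = both in place, 1 = /var/log/messages still receives daemon.info,
# 2 = no usable daemon.info forwarding rule, 3 = both problems.
check_mwg_rsyslog() {
    conf=$1
    rc=0

    # Active (uncommented) rules that write to /var/log/messages, with or
    # without the leading "-", and whose selector can match daemon.info.
    rules=$(grep -E '^[^#]*[[:space:]]-?/var/log/messages[[:space:]]*$' "$conf" |
            grep -E '(\*|daemon)\.' || true)
    if [ -z "$rules" ]; then
        echo "ok: no active rule sends daemon messages to /var/log/messages"
    elif printf '%s\n' "$rules" | grep -qvF 'daemon.!=info'; then
        echo "FAIL: a /var/log/messages rule lacks daemon.!=info"
        rc=$((rc + 1))
    else
        echo "ok: daemon.info is excluded from /var/log/messages"
    fi

    # Forwarding rule: in rsyslog syntax "@host" is UDP and "@@host" is TCP.
    fwd=$(grep -E '^[[:space:]]*daemon\.info[[:space:]]+@@?[^@[:space:]]+' "$conf" | tail -n 1)
    case $fwd in
        '')     echo "FAIL: no daemon.info forwarding rule"; rc=$((rc + 2)) ;;
        *'<'*)  echo "FAIL: placeholder not replaced: $fwd"; rc=$((rc + 2)) ;;
        *@@*)   echo "ok: forwards over TCP: $fwd" ;;
        *)      echo "ok: forwards over UDP: $fwd" ;;
    esac
    return "$rc"
}

# Constructed sample: the configuration after both edits. 192.0.2.10 is a
# documentation address standing in for the sensor IP.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*.info;daemon.!=info;mail.none;authpriv.none;cron.none -/var/log/messages
daemon.info @192.0.2.10:514
EOF
check_mwg_rsyslog "$sample"
rm -f "$sample"
```

On the gateway itself, call it as check_mwg_rsyslog /etc/rsyslog.conf after saving the file.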