All Apps and Add-ons

Collecting Data from McAfee Web Gateway: 7.3.2.8.0

Splunk Employee
Splunk Employee

Hello all,

Any experiences around collecting data from McAfee Web Gateway: 7.3.2.8.0 ?

WHich inputs.conf configuration should I use?

Any specific source Type?

Thanks-

Wellington

0 Karma

Contributor

i added two files to /opt/splunk/etc/apps/AppForMcAfeeWebGateway/local/ and then added an inputs.conf and indexes.conf file and my stuff started to work. hope this helps.

0 Karma

Motivator

Hello,

you can get the logs via syslog, using the splunk forwarder oder reading local files - it depends on your setup.

In any case you have to define the sourcetype manually, see the step #4 of the install instruction:
From the App, go to Settings > Data inputs and configure Log Input; click "More settings", select drop down "Set the source type" to "Manual" and type in "MWGaccess3". (see one of the screenshots).

best regards
Pavel

0 Karma