All Apps and Add-ons

Collecting Data from McAfee Web Gateway:

Splunk Employee
Splunk Employee

Hello all,

Any experiences around collecting data from McAfee Web Gateway: ?

WHich inputs.conf configuration should I use?

Any specific source Type?



0 Karma


i added two files to /opt/splunk/etc/apps/AppForMcAfeeWebGateway/local/ and then added an inputs.conf and indexes.conf file and my stuff started to work. hope this helps.

0 Karma



you can get the logs via syslog, using the splunk forwarder oder reading local files - it depends on your setup.

In any case you have to define the sourcetype manually, see the step #4 of the install instruction:
From the App, go to Settings > Data inputs and configure Log Input; click "More settings", select drop down "Set the source type" to "Manual" and type in "MWGaccess3". (see one of the screenshots).

best regards

0 Karma