All Apps and Add-ons

Collecting Data from McAfee Web Gateway: 7.3.2.8.0

wdeoliveira_spl
Splunk Employee
Splunk Employee

Hello all,

Any experiences around collecting data from McAfee Web Gateway: 7.3.2.8.0 ?

WHich inputs.conf configuration should I use?

Any specific source Type?

Thanks-

Wellington

0 Karma

sbattista09
Contributor

i added two files to /opt/splunk/etc/apps/AppForMcAfeeWebGateway/local/ and then added an inputs.conf and indexes.conf file and my stuff started to work. hope this helps.

0 Karma

PavelP
Motivator

Hello,

you can get the logs via syslog, using the splunk forwarder oder reading local files - it depends on your setup.

In any case you have to define the sourcetype manually, see the step #4 of the install instruction:
From the App, go to Settings > Data inputs and configure Log Input; click "More settings", select drop down "Set the source type" to "Manual" and type in "MWGaccess3". (see one of the screenshots).

best regards
Pavel

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...