All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Import log file?

pcsaeed
Explorer
‎06-03-2014 11:33 PM

Hi

Can someone explain how i "Import MWGaccess3_for_MWG7.3-7.4.xml in MWG7 into the Default Log Handler - it will create a new log file with the required fields." because i'm clearly missing something simple?

Thanks in advance.

Saeed

Reply
1 Solution
Solved! Jump to solution
Solution

PavelP
Motivator
‎06-04-2014 01:27 PM

Hello Saeed,

this App requires an access log file which is different from the default one. Instead of modifying the existing access.log we simply import a xml file which creates an another log for you and leaves your access.log untouched.

So log in on your MWG, create a configuration backup, then go to Policies > Rule Sets > Log Handler, right click on the "Default" > Add > Rule Set from Library. A new windows will appear where you click the button "Import from file", choose the xml file, click "Auto-Solve Conflicts..." > choose "Solve by referring to existing objects" and click OK and "Save Changes".

Screenshots:

   www.compek.net/Import_Rule_Set_from_Library.png
   www.compek.net/Import_Rule_Set_from_Library2.png
   www.compek.net/Import_Rule_Set_from_Library3.png

Additionally you can modify your setup as described in the documentation ("Adjust the app for your environment").

Let me know if you have further questions.

Regards

View solution in original post

Reply
Solved! Jump to solution

pcsaeed
Explorer
‎06-05-2014 05:59 PM

I think i fixed it
I added a syslog event (6) at the end of the "prepare gwaccess3.log" step.
Looks to be working.

Thanks for your help!

Reply
Solved! Jump to solution

PavelP
Motivator
‎06-06-2014 05:11 AM

Hello Saeed, all right! I'll add a predefined syslog rule and a description in the new version.

0 Karma
Reply
Solved! Jump to solution

pcsaeed
Explorer
‎06-05-2014 04:45 PM

Cool Thanks!

Just one other question and I'm sure this is simple and I just can't find it.
I've setup the Web Gateway to send syslog to my splunk server. I've setup UDP to to listen for the MWGaccess3 source type.
What i'm not sure about is how to view the data using the app?
Sorry for the dumb questions. Your help is greatly appreciated.

Saeed

0 Karma
Reply
Solved! Jump to solution

jbrocks
Communicator
‎08-03-2018 03:08 AM

Hi,

old post, but I still got a question:
So the .xml -File must be imported in the MWG, NOT in the Splunk MWG AddOn? Am I right with that?

0 Karma
Reply
Solved! Jump to solution
Solution

PavelP
Motivator
‎06-04-2014 01:27 PM

Hello Saeed,

this App requires an access log file which is different from the default one. Instead of modifying the existing access.log we simply import a xml file which creates an another log for you and leaves your access.log untouched.

So log in on your MWG, create a configuration backup, then go to Policies > Rule Sets > Log Handler, right click on the "Default" > Add > Rule Set from Library. A new windows will appear where you click the button "Import from file", choose the xml file, click "Auto-Solve Conflicts..." > choose "Solve by referring to existing objects" and click OK and "Save Changes".

Screenshots:

   www.compek.net/Import_Rule_Set_from_Library.png
   www.compek.net/Import_Rule_Set_from_Library2.png
   www.compek.net/Import_Rule_Set_from_Library3.png

Additionally you can modify your setup as described in the documentation ("Adjust the app for your environment").

Let me know if you have further questions.

Regards

Reply
Solved! Jump to solution

pcsaeed
Explorer
‎06-05-2014 04:46 PM

Cool Thanks!

Just one other question and I'm sure this is simple and I just can't find it.
I've setup the Web Gateway to send syslog to my splunk server. I've setup UDP to to listen for the MWGaccess3 source type.
What i'm not sure about is how to view the data using the app?
Sorry for the dumb questions. Your help is greatly appreciated.

Saeed

0 Karma
Reply
Solved! Jump to solution

trross33
Path Finder
‎02-11-2016 07:52 AM

Thank you for this PaveIP

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top