
Import log file?

Explorer

Hi

Can someone explain how I "Import MWGaccess3forMWG7.3-7.4.xml in MWG7 into the Default Log Handler - it will create a new log file with the required fields." because I'm clearly missing something simple?

Thanks in advance.

Saeed

1 Solution

Motivator

Hello Saeed,

This app requires an access log file which is different from the default one. Instead of modifying the existing access.log, we simply import an XML file which creates another log for you and leaves your access.log untouched.

So log in on your MWG, create a configuration backup, then go to Policies > Rule Sets > Log Handler, right-click on the "Default" > Add > Rule Set from Library. A new window will appear where you click the button "Import from file", choose the XML file, click "Auto-Solve Conflicts..." > choose "Solve by referring to existing objects" and click OK and "Save Changes".

Screenshots:

   www.compek.net/Import_Rule_Set_from_Library.png
   www.compek.net/Import_Rule_Set_from_Library2.png
   www.compek.net/Import_Rule_Set_from_Library3.png

Additionally you can modify your setup as described in the documentation ("Adjust the app for your environment").

Let me know if you have further questions.

Regards


Explorer

I think I fixed it.
I added a syslog event (6) at the end of the "prepare gwaccess3.log" step.
Looks to be working.

Thanks for your help!

Motivator

Hello Saeed, all right! I'll add a predefined syslog rule and a description in the new version.


Explorer

Cool Thanks!

Just one other question, and I'm sure this is simple and I just can't find it.
I've set up the Web Gateway to send syslog to my Splunk server. I've set up UDP to listen for the MWGaccess3 source type.
What I'm not sure about is how to view the data using the app?
Sorry for the dumb questions. Your help is greatly appreciated.

Saeed


Communicator

Hi,

Old post, but I still got a question:
So the .xml file must be imported in the MWG, NOT in the Splunk MWG add-on? Am I right with that?

Path Finder

Thank you for this PaveIP
