Import log file?

pcsaeed
Explorer

Hi

Can someone explain how I "Import MWGaccess3_for_MWG7.3-7.4.xml in MWG7 into the Default Log Handler - it will create a new log file with the required fields." because I'm clearly missing something simple?

Thanks in advance.

Saeed

1 Solution

PavelP
Motivator

Hello Saeed,

This app requires an access log file which is different from the default one. Instead of modifying the existing access.log, we simply import an XML file which creates another log for you and leaves your access.log untouched.

So log in on your MWG, create a configuration backup, then go to Policies > Rule Sets > Log Handler, right-click on the "Default" > Add > Rule Set from Library. A new window will appear where you click the button "Import from file", choose the XML file, click "Auto-Solve Conflicts..." > choose "Solve by referring to existing objects" and click OK and "Save Changes".

Screenshots:

   www.compek.net/Import_Rule_Set_from_Library.png
   www.compek.net/Import_Rule_Set_from_Library2.png
   www.compek.net/Import_Rule_Set_from_Library3.png

Additionally you can modify your setup as described in the documentation ("Adjust the app for your environment").

Let me know if you have further questions.

Regards

pcsaeed
Explorer

I think I fixed it.
I added a syslog event (6) at the end of the "prepare gwaccess3.log" step.
Looks to be working.

Thanks for your help!

PavelP
Motivator

Hello Saeed, all right! I'll add a predefined syslog rule and a description in the new version.

0 Karma

pcsaeed
Explorer

Cool, thanks!

Just one other question and I'm sure this is simple and I just can't find it.
I've set up the Web Gateway to send syslog to my Splunk server. I've set up UDP to listen for the MWGaccess3 source type.
What I'm not sure about is how to view the data using the app?
Sorry for the dumb questions. Your help is greatly appreciated.

Saeed

0 Karma

jbrocks
Communicator

Hi,

Old post, but I still got a question:
So the .xml file must be imported in the MWG, NOT in the Splunk MWG AddOn? Am I right with that?

0 Karma

trross33
Path Finder

Thank you for this, PavelP.

0 Karma