Sending syslog data to McAfee Enterprise Security Manager

Data that is logged on Web Gateway in syslog log files can be sent to McAfee® Enterprise Security Manager (McAfee ESM).

The data transfer is controlled by a rule in a rule set that is available in the online rule set library for Web Gateway. The component of McAfee ESM that the data is sent to is the McAfee SIEM Receiver.

To enable the transfer, you adapt a system file for remote use of syslog data on Web Gateway. The name of this system file is rsyslog (the r in the file name stands for remote). You must also configure the McAfee SIEM Receiver to let Web Gateway be included as a data source in the McAfee ESM environment.

Version 9.3.2 or a later version of McAfee ESM is required for the data transfer to work.