Sending syslog data to McAfee Enterprise Security Manager Data that is logged on Web Gateway in syslog log files can be sent to McAfee® Enterprise Security Manager (McAfee ESM). The data transfer is controlled by a rule in a rule set that is available in the online rule set library for Web Gateway. The component of McAfee ESM that the data is sent to is the McAfee SIEM Receiver. To enable the transfer, you adapt a system file for remote use of syslog data on Web Gateway. The name of this system file is rsyslog (the r in the file name stands for remote). You must also configure the McAfee SIEM Receiver to let Web Gateway be included as a data source in the McAfee ESM environment. Version 9.3.2 or a later version of McAfee ESM is required for the data transfer to work. Configure the sending of syslog data To send syslog data that is collected on Web Gateway to McAfee ESM, complete the following high-level steps. Adapt the rsyslog system file for the data transfer Adapt the rsyslog system file on Web Gateway to ensure that syslog data is successfully sent to McAfee ESM. Fine-tuning the collection and evaluation of syslog data Several fine-tuning activities can be performed to ensure that relevant syslog data is collected on Web Gateway and efficiently evaluated on McAfee ESM. Resolving issues with the transfer of syslog data To resolve issues with sending syslog data from Web Gateway to McAfee ESM, several measures can be taken. Parent topic: Monitoring
Sending syslog data to McAfee Enterprise Security Manager Data that is logged on Web Gateway in syslog log files can be sent to McAfee® Enterprise Security Manager (McAfee ESM). The data transfer is controlled by a rule in a rule set that is available in the online rule set library for Web Gateway. The component of McAfee ESM that the data is sent to is the McAfee SIEM Receiver. To enable the transfer, you adapt a system file for remote use of syslog data on Web Gateway. The name of this system file is rsyslog (the r in the file name stands for remote). You must also configure the McAfee SIEM Receiver to let Web Gateway be included as a data source in the McAfee ESM environment. Version 9.3.2 or a later version of McAfee ESM is required for the data transfer to work. Configure the sending of syslog data To send syslog data that is collected on Web Gateway to McAfee ESM, complete the following high-level steps. Adapt the rsyslog system file for the data transfer Adapt the rsyslog system file on Web Gateway to ensure that syslog data is successfully sent to McAfee ESM. Fine-tuning the collection and evaluation of syslog data Several fine-tuning activities can be performed to ensure that relevant syslog data is collected on Web Gateway and efficiently evaluated on McAfee ESM. Resolving issues with the transfer of syslog data To resolve issues with sending syslog data from Web Gateway to McAfee ESM, several measures can be taken. Parent topic: Monitoring