Configure the sending of syslog data

To send syslog data that is collected on Web Gateway to McAfee ESM, complete the following high-level steps.

Task

  1. Import the McAfee SIEM rule set from the online rule set library for Web Gateway. Place it as a nested rule set in the default Log Handler rule set.
    In the online rule set library, this rule set is available under SIEM (Nitro) Integration.
  2. In the imported rule set, enable the Send to syslog rule and disable the Send to nitro.log rule.
  3. Use the File Editor to adapt the rsyslog system file for the data transfer.
    If you are running multiple Web Gateway appliances in a Central Management cluster, adapt the system file on every appliance within the cluster.
  4. On McAfee ESM, configure the McAfee SIEM Receiver so that Web Gateway can be added as a data source.
    For more information, see the documentation for McAfee ESM and the Data Source Configuration Guide. The guide is provided in the online rule set library under SIEM (Nitro) Integration.