McAfee Web Gateway is a high-performance secure web gateway with threat protection in one unified appliance software architecture.
Does this information look incorrect or out-of-date? Please contact us at support@socos.io.
It is possible to configure McAfee Web Gateway to send data that is recorded in the access log to a syslog server.
Data about requests for web access that Web Gateway receives from its clients is recorded in the access log. The recording is performed by a rule in a rule set for log handling, which is enabled by default. By adding another rule this data can be made available to a daemon, which sends it to a particular syslog server.
The recorded data includes date and time of a request, the user name of the user who sent the request, the requested URL, and other information. It is possible to modify the configuration to record more or different information about web access.
The data can be sent under different protocols and in different formats. It is possible to also configure a severity level to send, for example, only data about emergencies.
To send the data, complete the following steps:
These activities must be completed on every Web Gateway appliance that access log data are to be sent from. In a similar way, it is possible to also configure the sending of other log data.
Data can be sent to a syslog server under the UDP or TCP protocol. See the agent installation instructions to determine which port and protocol to use.
Data is sent to syslog servers in different formats, depending on the server type. If in doubt, ask the administrator who is responsible for the syslog server.
SOC.OS recommends sending data in CEF format.
https://www.mcafee.com/enterprise/en-us/products/web-gateway/getting-started.html
https://kc.mcafee.com/corporate/index?page=content&id=KB77988&actp=RSS
https://docs.mcafee.com/bundle/web-gateway-8.0.x-product-guide/page/GUID-9CA18FAC-B911-4532-9997-B20FA7891344.html