Disclaimer
This rule set, along with all its associated files and documents, is provided on an as-is basis. McAfee will not take
any responsibility for problems, outages or any other issues resulting from using this rule set or any of the
associated files.
Please be careful when importing the rule set into your existing policy. Make sure you understand what the rule
set is supposed to do and have verified that it does not interfere with any other rules that currently exist within
your configuration.
Many values used within the rules are example values and will most likely not fit your environment. Always make
sure that you have changed examples to real-life values.
Overview
This document will explain how to configure McAfee Web Gateway to send log lines via Syslog to FireEye.
Setup Syslog
Sample “rsyslog.conf”
Below you will find an example “rsyslog.conf” file. Please note that you will have to modify the sample and at
least add the correct IP address of the server receiving the syslog events. The location where the IP address
needs to be adjusted is marked as [IP_OF_EVENT_RECEIVER].
# default parameters
$DirCreateMode 0755
$FileCreateMode 0640
$FileGroup adm
$umask 0026
$IncludeConfig /etc/rsyslog.d/*.conf
6220 America Center Drive McAfee and the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks or registered
San Jose, CA 95002 trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands
888.847.8766 may be claimed as the property of others. Copyright © 2021 McAfee, LLC. 0921 SEPTEMBER 2021.
www.mcafee.com
# Logging much else clutters up the screen.
# kern.* /dev/console
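A pre-deployment check for the two points above (replace the placeholder, use a real IP address), added here as an example and not part of the McAfee rule set or documentation. The forwarding line, selectors and port 514 in the sample are constructed assumptions; only the [IP_OF_EVENT_RECEIVER] marker comes from this document.

```python
import ipaddress
import re

PLACEHOLDER = "IP_OF_EVENT_RECEIVER"  # marker named in this document

# Constructed sample; the selectors and port 514 are assumptions, not the shipped file.
SAMPLE_CONF = """\
$IncludeConfig /etc/rsyslog.d/*.conf
# kern.* /dev/console
daemon.info @[IP_OF_EVENT_RECEIVER]:514
*.info;daemon.!=info /var/log/messages
"""

# Legacy forwarding action: "<selector> @host[:port]" is UDP, "@@host[:port]" is TCP.
FORWARD_RE = re.compile(r"^(\S+)\s+(@{1,2})(\S+?)(?::(\d+))?$")

def check_forwarding(conf_text):
    """Return (findings, targets); targets are (host, port, transport) tuples."""
    findings, targets = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#$":
            continue  # comments and $directives are not rules
        m = FORWARD_RE.match(line)
        if not m:
            continue  # local file or console action, nothing is forwarded
        _selector, at, host, port = m.groups()
        if PLACEHOLDER in host:
            findings.append(f"line {lineno}: placeholder {PLACEHOLDER} not replaced")
            continue
        host = host.strip("[]")  # IPv6 literals are written in brackets
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"line {lineno}: '{host}' is not an IP address")
        transport = "tcp" if at == "@@" else "udp"
        if transport == "udp":
            findings.append(f"line {lineno}: UDP forwarding, delivery is not acknowledged")
        targets.append((host, int(port or 514), transport))
    if not targets and not findings:
        findings.append("no forwarding rule found")
    return findings, targets

if __name__ == "__main__":
    for finding in check_forwarding(SAMPLE_CONF)[0]:
        print(finding)
```

Run it against the edited file before restarting rsyslog; an empty findings list means every forwarding rule points at a literal IP address over TCP.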
• Pick the “Default” Log Handler
• Select “Add” -> “Rule Set From Library”
• Pick “Import from File”
• Refer to the rule set which comes with this documentation
• Choose “Refer to existing objects” when resolving conflicts after the import
Help
In case of any questions or problems with the rule set or with setting up “rsyslog” in general, please refer to the
McAfee Web Gateway Communities at https://community.mcafee.com/community/business/email_web/webgateway
Please note that there is no official support for this rule set.