Configure the MEG gateway to send logs to the QRadar® host IP address or port number that is defined in the log4j.xml
file.
Procedure
- From the computer that is running MEG, go to C:\ProgramData\MaaS360\Cloud
Extender\logs directory and locate the MobileGatewaylog4j.xml
file.
-
Uncomment the following section in the MobileGatewaylog4j.xml to replace
the HOST_IP_ADDRESS with the QRadar host
IP address.
<!--
Uncomment the following section to use the SyslogAppender to send
MEGAuth and MEGWebAuth logs to Qradar. Replace the HOST_IP_ADDRESS
With QRadar IP address.
-->
<!--
<appender class="ch.qos.logback.classic.net.SyslogAppender" name="SYSLOG">
<syslogHost>HOST_IP_ADDRESS</syslogHost>
<port>514</port>
<facility>AUTH</facility>
<suffixPattern>%msg</suffixPattern>
</appender>
-->
- Uncomment the syslog appender for the AuthenticationLogger and the
WebResourceAuthLogger.
<!-- Authentication Log Logger -->
<logger name="AuthenticationLogger">
<level value="info"/>
<appender-ref ref="AuthenticationLogsASyncAppender"/>
<!-- Uncomment the following section to add the SyslogAppender -->
<!-- <appender-ref ref="SYSLOG"/> -->
</logger>
<!-- Web Resource Authentication Log Logger -->
<logger name="WebResourceAuthLogger">
<level value="info"/>
<appender-ref ref="WebResourceAuthLogsASyncAppender"/>
<!-- Uncomment the following section to add the SyslogAppender -->
<!-- <appender-ref ref="SYSLOG"/> -->
</logger>
- Restart MEG.
- For firewalls that are running on MEG, create outbound rules for port 514.