A log file protocol source allows IBM QRadar to retrieve archived log files from a remote host. The McAfee Web Gateway DSM supports the bulk loading of access.log files by using the log file protocol source. The default directory for the McAfee Web Gateway access logs is the /opt/mwg/log/user-defined-logs/access.log/ directory.
About this task
You can now configure the log source and protocol in QRadar.
Procedure
- To configure QRadar to receive events from a McAfee Web Gateway appliance, select McAfee Web Gateway from the Log Source Type list.
- To configure the protocol, you must select the Log File option from the Protocol Configuration list.
- To configure the File Pattern parameter, you must type a regex string for the access.log file, such as access[0-9]+\.log.
  Note: If you chose to GZIP your access.log files, you must type access[0-9]+\.log\.gz in the File Pattern field and select GZIP from the Processor list.
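A pre-flight check for the two File Pattern values above, as an added example that is not part of the IBM documentation: it shows which files in a directory listing each pattern selects and which ones would be left uncollected. The file names are constructed, and the code assumes the pattern must match the whole file name, which this page does not state.

```python
import re

# The two File Pattern values given in the procedure above.
PLAIN_PATTERN = r"access[0-9]+\.log"
GZIP_PATTERN = r"access[0-9]+\.log\.gz"

# Constructed directory listing (sample names, not taken from a real appliance).
LISTING = [
    "access.log",
    "access2401010000.log",
    "access2401020000.log",
    "access2401030000.log.gz",
    "access_denied2401010000.log",
]


def select_files(pattern, filenames):
    """Names the pattern selects, ASSUMING the whole file name must match."""
    rx = re.compile(pattern)
    return [n for n in filenames if rx.fullmatch(n)]


def anchoring_sensitive(pattern, filenames):
    """Names selected only if the pattern may match part of the name."""
    rx = re.compile(pattern)
    return [n for n in filenames if rx.search(n) and not rx.fullmatch(n)]


def plan_log_source(filenames):
    """Choose File Pattern and Processor for a listing and report what is skipped."""
    plain = select_files(PLAIN_PATTERN, filenames)
    gz = select_files(GZIP_PATTERN, filenames)
    use_gzip = len(gz) > len(plain)
    selected = gz if use_gzip else plain
    return {
        "file_pattern": GZIP_PATTERN if use_gzip else PLAIN_PATTERN,
        "processor": "GZIP" if use_gzip else None,  # None: leave Processor unchanged
        "selected": selected,
        "skipped": [n for n in filenames if n not in selected],
    }


if __name__ == "__main__":
    plan = plan_log_source(LISTING)
    print("File Pattern:", plan["file_pattern"], "| Processor:", plan["processor"])
    print("Skipped (never reach QRadar):", plan["skipped"])
    print("Depends on anchoring:", anchoring_sensitive(PLAIN_PATTERN, LISTING))
```

Anything in the skipped list is never collected by this log source, so review it before relying on the log source for web proxy coverage.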