McAfee Web Gateway sample event message
Use this sample event message to verify a successful integration with IBM® QRadar®.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
McAfee Web Gateway sample message when you use the Syslog protocol
The following sample event message shows that web access is verified.
<30>Oct 13 15:59:02 WebGatewayHost mwg: LEEF:1.0|McAfee|Web Gateway|8.2.9|0|devTime=1602597542000|src=10.10.10.10|usrName=user1|httpStatus=204|dst=10.20.10.20|urlCategories=Messaging|blockReason=|url=https://www.example.com/rt-pub/node/hub/negotiate?appId=180&sId=4A87EE607A615896&cId=8B1D&dev=Personal%20computer&br=Chrome&os=Windows&cc=IT&rc=RM&v=0.1| QRadar field name | Highlighted values in the event payload |
|---|---|
| Event ID | 0 |
| Event Category | This DSM doesn't have a category field to key from for the device in the payloads. QRadar provides the value as a static category. |
| Source IP | src |
| Destination IP | dst |
| Username | usrName |