McAfee Web Gateway sample event message

Use this sample event message to verify a successful integration with IBM® QRadar®.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

McAfee Web Gateway sample message when you use the Syslog protocol

The following sample event message shows that web access is verified.

<30>Oct 13 15:59:02 WebGatewayHost mwg: LEEF:1.0|McAfee|Web Gateway|8.2.9|0|devTime=1602597542000|src=|usrName=user1|httpStatus=204|dst=|urlCategories=Messaging|blockReason=|url=
Table 1. Highlighted values in the McAfee Web Gateway sample event
QRadar field name Highlighted values in the event payload
Event ID 0
Event Category This DSM doesn't have a category field to key from for the device in the payloads. QRadar provides the value as a static category.
Source IP src
Destination IP dst
Username usrName