Importing the Syslog Log Handler

About this task

To import a policy rule set for the syslog handler:

Procedure

  1. From the support website, download the following compressed file:

    log_handlers-1.1.tar.gz

  2. Extract the file.

    The extracted archive provides XML files. The file that you need depends on the version of your McAfee Web Gateway appliance.

    Table 1. McAfee Web Gateway required log handler file

    | Version                 | Required XML file        |
    |-------------------------|--------------------------|
    | McAfee Web Gateway V7.0 | syslog_loghandler_70.xml |
    | McAfee Web Gateway V7.3 | syslog_loghandler_73.xml |

  3. Log in to your McAfee Web Gateway console.
  4. Using the menu toolbar, click Policy.
  5. Click Log Handler.
  6. Using the menu tree, select Default.
  7. From the Add list, select Rule Set from Library.
  8. Click the Import from File button.
  9. Navigate to the directory containing the syslog_handler file you downloaded and select syslog_loghandler.xml as the file to import.
    Note: If the McAfee Web Gateway appliance detects any conflicts with the rule set, you must resolve the conflict. For more information, see your McAfee Web Gateway documentation.
  10. Click OK.
  11. Click Save Changes.
  12. You are now ready to configure the log source in QRadar.

    QRadar automatically discovers syslog events from a McAfee Web Gateway appliance.

    If you want to manually configure QRadar to receive syslog events, select McAfee Web Gateway from the Log Source Type list.