Script to get McAfee Web Gateway Cloud Service logs from McAfee SaaS-API. Logs are downloaded to
'OutputLog.$NowUnixEpoch$.csv' and can be forwarded to a remote syslog host or SIEM when
syslogEnable is set to
When forwarding is used the downloaded CSV is transformed into a JSON stream. Configure your syslog/SIEM input correspondingly.
Timestamp is automatically adjusted with the last successful time of request. The corresponding configuration option
requestTimestampFrom is updated after each run of the script.
The script is using McAfee SaaS Message API ver. 5
- Download script and configuration file.
- Make script executable and adjust the configuration file to your needs.
- Run it periodically via cron for example.