McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

McAfee Web Gateway Cloud Services (WGCS) Logpuller Script


View on Github
Open Issues

Script to get McAfee Web Gateway Cloud Service logs from McAfee SaaS-API. Logs are downloaded to 'OutputLog.$NowUnixEpoch$.csv' and can be forwarded to a remote syslog host or SIEM when syslogEnable is set to 'True' .


When forwarding is used the downloaded CSV is transformed into a JSON stream. Configure your syslog/SIEM input correspondingly.

Timestamp is automatically adjusted with the last successful time of request. The corresponding configuration option requestTimestampFrom is updated after each run of the script.

The script is using McAfee SaaS Message API ver. 5

Field reference:

General API reference:


  • Download script and configuration file.
  • Make script executable and adjust the configuration file to your needs.
  • Run it periodically via cron for example.