McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

dscryber · March 24, 2022, 3:40pm

McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

Script to get McAfee Web Gateway Cloud Service logs from McAfee SaaS-API. Logs are downloaded to 'OutputLog.$NowUnixEpoch$.csv' and can be forwarded to a remote syslog host or SIEM when syslogEnable is set to 'True' .

Note:

When forwarding is used the downloaded CSV is transformed into a JSON stream. Configure your syslog/SIEM input correspondingly.

Timestamp is automatically adjusted with the last successful time of request. The corresponding configuration option requestTimestampFrom is updated after each run of the script.

The script is using McAfee SaaS Message API ver. 5

Field reference: https://docs.mcafee.com/bundle/web-gateway-cloud-service-product-guide/page/GUID-BDF3E4F1-1625-4569-BE80-D528CE521BC1.html

General API reference: https://docs.mcafee.com/bundle/web-gateway-cloud-service-product-guide/page/GUID-B24F5DAE-F9BB-44F7-976A-BF2245CBADF3.html

Usage

Download script and configuration file.
Make script executable and adjust the configuration file to your needs.
Run it periodically via cron for example.

Topic		Replies	Views
NSX Edge Firewall ( VMware ) Content Pack content-pack	0	871	March 9, 2022
Cloudflare CDN Logs to graylog Graylog Central (peer support)	5	2106	June 6, 2018
Pysender for Graylog Other Solutions other_solutions	0	295	March 24, 2022
pfSense Extractor - Sept 2022 Graylog Add-ons	4	1933	October 14, 2022
Palo Alto Networks Next Generation Firewall - Traffic, Threat, Config and System Extractor Other Solutions other_solutions	0	1943	March 24, 2022

McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

Usage

Related Topics