McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

dscryber · March 24, 2022, 3:40pm

McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

Script to get McAfee Web Gateway Cloud Service logs from McAfee SaaS-API. Logs are downloaded to 'OutputLog.$NowUnixEpoch$.csv' and can be forwarded to a remote syslog host or SIEM when syslogEnable is set to 'True' .

Note:

When forwarding is used the downloaded CSV is transformed into a JSON stream. Configure your syslog/SIEM input correspondingly.

Timestamp is automatically adjusted with the last successful time of request. The corresponding configuration option requestTimestampFrom is updated after each run of the script.

The script is using McAfee SaaS Message API ver. 5

Field reference: https://docs.mcafee.com/bundle/web-gateway-cloud-service-product-guide/page/GUID-BDF3E4F1-1625-4569-BE80-D528CE521BC1.html

General API reference: https://docs.mcafee.com/bundle/web-gateway-cloud-service-product-guide/page/GUID-B24F5DAE-F9BB-44F7-976A-BF2245CBADF3.html

Usage

Download script and configuration file.
Make script executable and adjust the configuration file to your needs.
Run it periodically via cron for example.

Topic	Replies	Views
McAfee Web Gateway 7.5 Logs Content Pack content-pack	733	March 8, 2022
AWS Plugin For Graylog Plug-Ins plug-in	2411	February 17, 2022
NSX Edge Firewall ( VMware ) Content Pack content-pack	1012	March 9, 2022
Nginx content pack with JSON for easier, flexible logging Plug-Ins plug-in	2810	February 24, 2022
Barracuda Syslog Extractor Other Solutions other_solutions	982	March 14, 2022

McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

McAfee Web Gateway Cloud Services (WGCS) Logpuller Script

Usage

Related topics