When you configure McAfee AntiSpam to send log data to USM Appliance, you can use the McAfee AntiSpam plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
|Device Type||Mail Security|
|Data Source Name||mcafee-antispam|
|Data Source ID||1618|
Integrating McAfee AntiSpam
Before you configure the McAfee AntiSpam integration, you must have the IP Address of the USM Appliance Sensor.
To configure McAfee AntiSpam to send Syslog messages to USM Appliance
- Log in to the Appliance Management Console.
- Select System > Logging > Alerting and SNMP > System Log Settings.
- Click Enable system log events.
- Choose the CEF logging format.
- Select Off-box system log and then click Add Server.
Add the USM Appliance Sensor server name and Port (the default is 514).
Note: TCP is used as the transport mechanism for syslog because of the large amount of data that can be sent, which would exceed a UDP packet size.
- Click Apply Changes.
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, see the vendor documentation.