McAfee MAP-3300-SWG Product Guide - Page 270

Overview of System features Logging, Alerting and SNMP Table 269 Option definitions (continued) Option Off-box system log Definition Enable off-box system log - To send system logs for storage off-box, enable this setting and define the receiving server parameters: Receiving server - Specifies the IP address or host name of the server that receives the syslog information. Use IPv6 protocol - Check this option when sending system logging information over an IPv6 network. Port - Specify the port on the receiving server to be used to transfer the system log information. When using off-box system logging, you can specify different ports for each configured off-box syslog server. System Log Archive Protocol - Either TCP or UDP. Specifies the packet type. UDP has a limit of 1024 bytes per packet. Add Server - You can configure multiple off-box servers. Send archive copies of the mail logs to another server, and set up a schedule for this to happen. Extended Syslog attributes for ArcSight Using the extended Syslog functions within the appliance, you can use external, third party software - such as ArcSight - to generate Syslog reports. Table 270 Events for ArcSight Event ID Event Description 50005 Logging of the email status during processing 50006 Logging of the email status during processing 50022 Logging of the email status during McAfee Quarantine Manager processing 180000 Anti-Virus Engine Detection 180001 Content rule detection 180002 Anti-spam classification 180003 File-format detection 180004 Mail-Filtering detection 180008 URL request denied 180010 Compliancy detection 180011 Data Loss Prevention detection 180012 Mail Size detection 180013 Regular expression scanning failure 180031 URL has been blocked due to categorization 180032 URL has been coached due to categorization 180033 Categorized URL has been permitted 180035 Categorized URL has been permitted for a monitored user 270 McAfee Email and Web Security Appliances 5.6.0 Product Guide