Downloading App for McAfee Web Gateway
SHA256 checksum (app-for-mcafee-web-gateway_307.tgz) 1f1e6551c167d9d31d151e62419cd4a58ffea8914416ddfefbae8ff7deb19d4c
SHA256 checksum (app-for-mcafee-web-gateway_306.tgz) 8167874147e45b5d09589271dd395836370a3e3122c2ecf3c13bdbf9441f73df
SHA256 checksum (app-for-mcafee-web-gateway_305.tgz) 1a9129e40ad36a84b9d07ce44a49b366a6e5df94a06ec32675ca765401e143a5
SHA256 checksum (app-for-mcafee-web-gateway_304.tgz) 88ff28a4d91b9663a11b7c0e95fa2a84fc71120eeb09d14cd3fc23c7eb75f5f2
SHA256 checksum (app-for-mcafee-web-gateway_211.tgz) eb34d790a5da5407a080360740c7f209dd611d05ade9b08b7471ebfb86d96c49

App for McAfee Web Gateway

This application adds SIEM features to McAfee Web Gateway 7 (MWG7), including real-time monitoring and fast incident response, and facilitates troubleshooting and log search.

Currently there are 59 different charts and tables grouped in 12 views:
Simple Search
Advanced Search
Media Types
Potential Risks
URL Filter

This App requires Splunk v6+.

Works with McAfee Web Gateway v7.3, v7.4; for older versions (Webwasher v6.x, MWG v7.0-7.2) some modifications of props.conf and log structure may be required.

Contact: splunk@compek.net

App for McAfee Web Gateway 7

This application adds some SIEM features to McAfee Web Gateway 7 (MWG7), allows fast incident response, and facilitates troubleshooting and log search.

Currently there are 59 different charts and tables grouped in 12 views:

       Requests / Block Ratio
       Block Rules Overview
       Applications by Hits
       Applications by Volume
       Top Applications by Volume
       Top Applications by Hits
       Top Application Statistics
       Top IP by Failed Auth
       Top User-Agents by Failed Auth
       Top User-Agents + IPs by Failed Auth
       Multiple Logins from diff IPs
Simple Search
       Web Usage
       Status Code Overview
       Web Usage by URL Category
       Web Usage by URL Category Area Graph
       Top User-Agents
       IP Addresses
       IP Addresses by Hits Graph
       Top Hosts by Hits
       Top Blocked Hosts by Hits
       Top Blocked URLs by Hits
       Top Malware Names by Hits
       Top Users by blocked Malware
       Top Hosts blocked by Malware Hits
Media Types
       Media Types
       Top Media Types by Volume
       Top Media Types by Hits
       Status Code Overview
       Time In Transaction
       Time to Resolve Host Name via DNS
       Slowest Hosts by DNS Resolution Time
       Potential Network Timeouts by Host
       Protocols by Hits
       Protocols by Hits (Percent)
       Protocols by Volume
       Protocols by Volume (Percent)
Potential Risks
       Top Users with high Ratio of Blocked Requests (>10%)
       Unusual Ports
       Top Users by High Risk Requests
       Requests to IP Addresses
       CONNECT Requests to IP Addresses
       Long Running (>1m) Connections
       Longest Transactions
       Long running transactions + Volume
       Top Users/IPs
       Top destinations
       Top Uploads (> 1 MB)
       Top Downloads (> 100 MB)
URL Filter
       URL Categories
       Blocked by URL Filter or by Web Reputation
       Top URL Categories by Volume
       Top URL Categories by Hits
       High Risk Destinations
       Not categorized Hosts
       Top not categorized Hosts
       User-Agents Statistics

This App requires Splunk v6+

Works with McAfee Web Gateway v7.3, v7.4; for older versions (Webwasher v6.x, MWG v7.0-7.2) some modifications of props.conf and log structure may be required.


Installation:

  1. Extract the file MWGaccess3_for_MWG7.3-7.4.xml (located in the MWG7 folder) from the application package.
  2. Import MWGaccess3_for_MWG7.3-7.4.xml in MWG7 into the Default Log Handler; it will create a new log file with the required fields.
  3. Install the App.
  4. From the App, go to Settings > Data inputs and configure the log input: click "More settings", set the "Set the source type" drop-down to "Manual", and type in "MWGaccess3" (see one of the screenshots).

Migration from the version 2.xx:

  1. Download the app and extract and unzip MWGaccess3_for_MWG7.3-7.4.xml from the MWG folder.
  2. Disable the old MWGaccesslog rule set on the MWG.
  3. Remove old App v.2.xx from Splunk.
  4. Follow installation instructions.

Adjust the app for your environment:

  • If you use syslog to send logs to Splunk, remove the DateTime field from the MWG log, because syslog adds its own timestamp.
  • If you have a multi-domain setup, you can prepend Authentication.UserName with Authentication.Realm ("user123" becomes "ACME\user123").
  • To get correct "Block Rules" statistics, you have to create a last rule set with a rule named "Last Rule" that is active in all cycles (Request, Response, Embedded).
  • If all your MWGs are located in one time zone and you don't need a time zone and an offset (+0200), you can replace DateTime.ToWebReporterString ("[29/Oct/2012:14:28:15 +0200]") with DateTime.ToISOString ("2012-03-22 11:45:12").
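
The sketch below is an added example, not part of the app or its README. It parses the two DateTime renderings named in the last bullet and shows why the offset-less one is only safe when every gateway shares a time zone. The gateway names (mwg-a, mwg-b), their offsets and the sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# The two DateTime renderings quoted in the README bullet above.
WEBREPORTER_FMT = "[%d/%b/%Y:%H:%M:%S %z]"  # DateTime.ToWebReporterString
ISO_FMT = "%Y-%m-%d %H:%M:%S"               # DateTime.ToISOString, no offset


def to_utc(stamp, gateway_offset_hours=None):
    """Convert either rendering to an aware UTC datetime.

    The ISO rendering carries no offset, so the caller must state the
    gateway's offset; raising instead of guessing keeps timelines honest.
    """
    stamp = stamp.strip()
    if stamp.startswith("["):
        return datetime.strptime(stamp, WEBREPORTER_FMT).astimezone(timezone.utc)
    if gateway_offset_hours is None:
        raise ValueError("offset-less timestamp: gateway offset required")
    local = datetime.strptime(stamp, ISO_FMT)
    zone = timezone(timedelta(hours=gateway_offset_hours))
    return local.replace(tzinfo=zone).astimezone(timezone.utc)


def timeline(events, offsets=None):
    """Return gateway names ordered by true (UTC) event time.

    events:  list of (gateway, stamp) pairs
    offsets: {gateway: hours east of UTC}, needed only for ISO stamps
    """
    offsets = offsets or {}
    ordered = sorted(events, key=lambda e: to_utc(e[1], offsets.get(e[0])))
    return [gateway for gateway, _ in ordered]


# Constructed sample: two hypothetical gateways in different time zones.
WITH_OFFSET = [("mwg-b", "[29/Oct/2012:08:00:00 -0500]"),
               ("mwg-a", "[29/Oct/2012:14:28:15 +0200]")]
WITHOUT_OFFSET = [("mwg-b", "2012-10-29 08:00:00"),
                  ("mwg-a", "2012-10-29 14:28:15")]

if __name__ == "__main__":
    print(timeline(WITH_OFFSET))                       # offsets travel with the log
    print(timeline(WITHOUT_OFFSET, {"mwg-a": 2, "mwg-b": -5}))  # offsets supplied
    print(sorted(WITHOUT_OFFSET, key=lambda e: e[1]))  # raw sort, no offsets
```

With the offset in the log, or supplied per gateway, both samples order the same way; sorting the offset-less strings as written reverses the two events.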

Contact: splunk@compek.net

Release Notes

Version 3.07
Oct. 25, 2014

2014-10-25 version 3.07
* commit changes in props.conf and transforms.conf by Myron Davis
* add contributors section in README
* clarifications for installation process in README

2014-10-12 version 3.06
* enabling Splunk CIM (Common Information Model) version 4, by Myron Davis
* compatibility with Splunk App for Enterprise Security, by Myron Davis
* rename App folder from AppForMcAfeeWebGateway to McAfeeWebGateway to match it with the app ID

Version 3.06
Oct. 12, 2014

several bugfixes, new reports

improvements in parsing, MWG-TA, compatibility with Splunk Enterprise Security App, CIM compliant (thanks to myrond!)

Version 3.05
June 8, 2014

The App package now includes a step-by-step installation instruction with screenshots
The log structure was reordered to avoid overwriting of parameters

Version 3.04
April 28, 2014

- new short log format, many redundant fields removed
- cleanup
- faster search
- some panels were merged

this major version isn't compatible with the version 2.xx

Version 2.11
Dec. 20, 2013

