Step 1) 
	Import log definition into McAfee Web Access Gateway 
		Click on 
		policy
			Log Handler
				Add from library 
					add from file
					
					Select the file NagiosLogServer_v1.xml
					
Step 2) Add the following line to your rsyslog.conf file on the McAfee web access gateway and restart the gateway or rsyslog service

daemon.info @NAGIOSLOGSERVER.HOME.NET:9514


Step 3) add an input into the NagiosLogServer as per this configuration

udp{
    type => 'McAfee'
    port => 9514
}

Step 4) add a custom content type to your nagioslogserver

create a file in /usr/local/nagioslogserver/logstash/patterns/ 
call it mcafee
add the following to that new file
CONTENT [A-Za-z0-9.\/\-_\;\=]+

save the file, restart logstash 




You will notice the dashboard includes several queries, we use this because of a need to separate two internet connections, you can edit the filters to apply to your configuration




All Done, Enjoy!

any questions with the use of this should be directed to me on twitter @nozlaf_au