2019-05-08 08:36 AM
I'm trying to integrate McAfee ePO with RSA SA 10.6.4.1.
I've created the DSN with the DB and server name, and port number. Left the driver value as default.
I've also entered the ODBC username and password configuration parameters, and tested connection - successful.
However, I receive no logs from McAfee ePO. I looked up the /var/log/messages file, and I find the following warning -
NwLogCollector[24339]: [OdbcCollection] [warning] Invalid audit log format for:Test Connection Success!
I'm not sure what this means.
Need assistance.
2019-05-08 08:39 AM
McAfee EPO has many different modules in it.
Which module are you trying to collect from? AV? HIDS?
2019-05-08 08:57 AM
Hi Dave,
The AV module. We're going for the system and virus logs.
2019-05-08 10:30 AM
Hi Visham,
Please consider upgrading from 10.6.4.1 to a version of NetWitness 11.x; the 10.6.x.x versions will be End of Life in October 2019. You must upgrade to a version of 10.6.6.x prior to upgrading to 11.3.
Here is some documentation pertaining to NetWitness 11.3 features and functionality:
v11.3 Release Notes
https://community.rsa.com/docs/DOC-100363
NetWitness Known Issues (11.x)
https://community.rsa.com/community/products/netwitness/documentation/known-issues
Introduction Blog Post (Marketing)
Physical Host Upgrade Checklist 10.6.6.x to 11.3
https://community.rsa.com/docs/DOC-101413
Physical Host Upgrade Guide 10.6.6.x to 11.3
https://community.rsa.com/docs/DOC-100385
Update Guide 11.x.x.x to 11.3
https://community.rsa.com/docs/DOC-100381
Getting Started Guide
https://community.rsa.com/docs/DOC-100377
NetWitness Respond User Guide
https://community.rsa.com/docs/DOC-99944
NetWitness Investigate Quick Start Guide
https://community.rsa.com/docs/DOC-101213
NetWitness UEBA Quick Start Guide
https://community.rsa.com/docs/DOC-100550
NetWitness Endpoint Quick Start Guide
https://community.rsa.com/docs/DOC-100167
Changes to ESA script outputs
Threat-Aware Authentication:
Recovery Tool User Guide
https://community.rsa.com/docs/DOC-101457
Kind regards,
Steve
2019-05-08 10:41 AM
Have you followed the guide here? https://community.rsa.com/docs/DOC-40219
There are a couple of different options to pick depending on AV version.
2019-05-08 11:38 AM
Thanks Dave, it's working now! Just took a while to manifest.