To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.
The following three resources can help when troubleshooting issues with events.
- KB82161 – ESM becomes sluggish and fails to keep up with events
If the user interface in your SIEM Enterprise Security Manager becomes sluggish and cannot keep up with events delivered from the receiver, the cause could be an incorrect RAID setting.
- KB82132 – ESM stops displaying events for the current day
If your ESM stops displaying events from the current day, it could be an issue with the rules table.
- KB82114 – Some events are not showing the Source User field in the Details tab
If you have a number of SIEM Event Receivers working correctly, but the Source User field is not visible in the Details tab for one of them, the StringMap table may have become corrupt. A simple change in the Last Download String Record should remedy this.