SNS ProTip for SIEM: Troubleshooting Issues with Events

Version 1

    To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.

    Following are three resources to reference when troubleshooting issues with events.

    • KB82161 – ESM becomes sluggish and fails to keep up with events
      If the user interface in your SIEM Enterprise Security Manager becomes sluggish and unable to keep up with events delivered from the receiver, it could be due to an incorrect RAID setting.
    • KB82132 – ESM stops displaying events for the current day
      If your ESM stops displaying events from the current day, it could be an issue with the rules table.
    • KB82114 – Some events are not showing the Source User field in the Details tab
      If you have a number of SIEM Event Receivers working correctly, but the Source User field in the Details tab of one is not visible, the StringMap table may have become corrupt. A simple change in the Last Download String Record should remedy this.

      For more resources, visit the McAfee KnowledgeBase and search for SIEM-related KBs, and visit the McAfee SIEM Community.