
ATD integration with syslog

Hello Everyone,

Can anyone tell me how can I monitor my ATD VMs using Syslog Server.

7 Replies
McAfee Employee
Message 2 of 8

Re: ATD integration with syslog

Hi ArsalanA

Please make sure your host requirements are met in accordance with our installation material outlined in the link below. vATD is incredibly resource demanding.

https://docs.mcafee.com/bundle/advanced-threat-defense-4.8.x-installation-guide/page/GUID-FD2281FA-C...

Typical issues and troubleshooting:

  1. Customer's host meets the requirements outlined in the above link but the host has too many other systems running on the host. To test, shut down other hosted VMs and see if vATD runs.
  2. Customer's host is running an incompatible CPU on the Hyper-V host.
  3. https://kc.mcafee.com/corporate/index?page=content&id=KB91593
  4. Try to run one vATD at a time on a host if you are sharing the host for both vATDs.

If all of the above check out OK, please raise a service request and upload support bundles from both vATDs and we will be happy to work with you.

If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Re: ATD hang

Below is the attached ATD Hyper-V console which shows the error.

McAfee Employee
Message 4 of 8

Re: ATD hang

Hi ArsalanA

Please go ahead and open a service request with McAfee support and attach the full support bundles from both vATDs, as this will enable us to perform a full diagnosis of the issue.


Re: ATD hang

I opened a ticket and we had a WebEx session yesterday. It was assumed that a lot of DLL files are the cause of that issue, so I changed my TIE policy for those servers from which we were getting a lot of these DLLs, but the issue is still the same: before getting stuck, it shows CPU utilization of 700%.

@IMarsh do you have any idea?

Our ATD version is 4.8.2 and we are using a Server 2016 Hyper-V host.

Is the issue related to Hyper-V?

McAfee Employee
Message 6 of 8

Re: ATD integration with syslog

Hi ArsalanA

Are you referring to syslog settings for vATD or the scanning VMs that run on ATD?

All the options for syslogging can be found in the ATD GUI under Manage > ATD Configuration > Syslog.

There are no individual syslog settings to monitor scanning VMs. We do publish information on analysis results to syslog.


Re: ATD integration with syslog

Can we set ATD hardware utilization alert to Microsoft Security Operation Manager?

McAfee Employee
Message 8 of 8

Re: ATD integration with syslog

Hi ArsalanA

You can send the syslogs to an off-box syslogger or SIEM. Once the logs are received by the 3rd-party syslogger, it is the customer's responsibility to parse the logs into a readable format specific to their SIEM or syslog system. This usually involves the creation of a custom parser, which would be the responsibility of the customer to create.
