cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Ulf
Level 8
Report Inappropriate Content
Message 1 of 6

Can Windows Event logging be disabled for Solidcore Information events?

Jump to solution

On some machines we get more than 10.000 Application Information events every day. This makes review of the event log difficult as it's easy to miss events from other sources.

I guess the information could be useful in case of troubleshooting, but once the system is up and running, it's of no use.

Example from one machine that only has a "few":EventLog.png

1 Solution

Accepted Solutions
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Can Windows Event logging be disabled for Solidcore Information events?

Jump to solution

Yes, you can run the sadmin command via a SC:Run Command client task (used for non-ePOmanaged policy/settings).  In the client task, leave out the sadmin command (it's assumed); make sure your command is complete though (verify it does what you want on the client before running it via ePO client tasks).

 

Example:
event sink -r read_denied oslog

 

5 Replies

Re: Can Windows Event logging be disabled for Solidcore Information events?

Jump to solution

Yes you can modify "sadmin eventsink" if you want to remove differnt things from reporting where. But i would not really mess with that. What you really need to do is go through your events and exclude what you dont want to see.

 

 

Ulf
Level 8
Report Inappropriate Content
Message 3 of 6

Re: Can Windows Event logging be disabled for Solidcore Information events?

Jump to solution
Where can I find "sadmin eventsink"? How fine grained is it, or maybe more important - is it easy to see what is excluded?
McAfee Employee gnautiya
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Can Windows Event logging be disabled for Solidcore Information events?

Jump to solution
Hi, The output of this command "sadmin event sink" can be seen at client directly, because here you are concerned about info type of events in eventviewer. You can always remove a sink type as oslog using the same command directly at client machine, this will ensure that whatever event type info you don't require in event viewer you can remove the sink for that particular event type. Regards
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Ulf
Level 8
Report Inappropriate Content
Message 5 of 6

Re: Can Windows Event logging be disabled for Solidcore Information events?

Jump to solution

Thanks. 

I was able to remove the event in question on one client.

I guess it should be possible to run the sadmin CLI command from ePO to make the change on all my clients?

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Can Windows Event logging be disabled for Solidcore Information events?

Jump to solution

Yes, you can run the sadmin command via a SC:Run Command client task (used for non-ePOmanaged policy/settings).  In the client task, leave out the sadmin command (it's assumed); make sure your command is complete though (verify it does what you want on the client before running it via ePO client tasks).

 

Example:
event sink -r read_denied oslog

 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community