cancel
Showing results for 
Search instead for 
Did you mean: 

DLPE 9.3 Patch 6 Event Parsing

Having issues with event parser not parsing events in DLPE 9.3 patch 6 since upgrade to epo version 5.3.3.

We have logged a case with support but any additional ideas would be appreciated.

The error message we get is msg bad variable type, it then places the message in the debug folder.

Thanks

7 Replies
Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: DLPE 9.3 Patch 6 Event Parsing

Moved to DLP area

Re: DLPE 9.3 Patch 6 Event Parsing

What was the solution on this? I'm having the same exact issue. Events are being moved to \Debug\ folder.
IanMFE
Level 8
Report Inappropriate Content
Message 4 of 8

Re: DLPE 9.3 Patch 6 Event Parsing

Any update to this? We are having the same problem. Since upgrading to ePO 5.3.3, DLP v9.x events are no longer being stored in ePO.

DLP v11 events 'are' being stored successfully, but the majority of our user base are running v9.x.

IanMFE
Level 8
Report Inappropriate Content
Message 5 of 8

Re: DLPE 9.3 Patch 6 Event Parsing

Spoke to McAfee support. They say that DLP 9.3 with ePO 5.3.3 is not supported. It appears that there is a bug in the ePO 5.3.3 Event Parser. I built an ePO 5.3.2 Event Parser and pointed that to the production (5.3.3) database. I now load the DLP 9.3 events via the 5.3.2 Event Parser and can view them in the production database. Temporary workaround solution as we migrate to DLP v11.

Highlighted

Re: DLPE 9.3 Patch 6 Event Parsing

Hi, We having the exatcly same issue, Would you plase share that how I can build an ePO 5.3.2 Event Parser and pointed that to 5.3.3? Appreciate!

IanMFE
Level 8
Report Inappropriate Content
Message 7 of 8

Re: DLPE 9.3 Patch 6 Event Parsing

Build a second, temporary ePO running v5.3.2 using the Express Database.

Configure the DB properties to point to your production DB instead of the Express DB.

Disable all McAfee ePO services, except the Event Parser.

Copy failed events from your production ePO server (Program Files x86\Mcafee\ePolicy Orchestrator\DB\Events\Debug) to your temporary ePO server events input directory (Program Files x86\McAfee\ePolicy Orchestrator\DB\Events).

The Event Parser will automatically upload those to your production DB.

This worked as a temporary (~4 months) workaround for us until we upgraded to v11.

Re: DLPE 9.3 Patch 6 Event Parsing

That's an amazing work around! saved me from a reinstallation from scratch.   Has been swamped by the issue for weeks, since McAfee support doesn't  support out of date products while we need months to upgrade all the legacy 9.3 clients.  Thank you!

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator