McAfee DLP Endpoint specific Syslog feature

The following URL shows that Syslog Server Settings is under WCC (Windows Client Configuration) level and not available on MCC (Mac Client Configuration) level:

https://docs.mcafee.com/bundle/data-loss-prevention-11.2.x-product-guide/page/GUID-A746D9FE-35B6-458...

  • 1 Does it mean that syslog events forwarding is happening on individual DLPE agents running on each workstation (e.g. fcag.exe) instead of uploading events to ePO and letting ePO forward the events to syslog servers?

  • 2 If the user triggered DLP events (e.g. printing something) off-premise network, what happens to the syslog events for those actions?

  • 3 Will it be as detailed as DLP Incident Manager (e.g. USB Serial Number, evidence filepath and size, etc.) or as simple as typical ePO Server’s syslog forwarding events (ePOEvents table forwarding)?

  • 4 Does it mean that syslog events forwarding is not supported for DLPE for macOS?

Thanks,

Young-

1 Reply
Corey-DLP
McAfee Employee

Re: McAfee DLP Endpoint specific Syslog feature

Hello and thank you for posting here! 

Please see my answers to your questions below:

 

  • 1 Does it mean that syslog events forwarding is happening on individual DLPE agents running on each workstation (e.g. fcag.exe) instead of uploading events to ePO and letting ePO forward the events to syslog servers?
    That is correct. A syslog file is created on the endpoint where the DLP Agent is installed and sent to the syslog server from the endpoint.

 

  • 2 If the user triggered DLP events (e.g. printing something) off-premise network, what happens to the syslog events for those actions?
    Every 15 minutes a syslog event file is created in the DLP folder under ProgramData. This file is a collection of DLP incidents that occurred over that 15-minute period.

 

  • 3 Will it be as detailed as DLP Incident Manager (e.g. USB Serial Number, evidence filepath and size, etc.) or as simple as typical ePO Server’s syslog forwarding events (ePOEvents table forwarding)?
    While the formatting will be different, the syslog event should contain the same details as the incidents you see in the DLP Incident Manager.

 

  • 4 Does it mean that syslog events forwarding is not supported for DLPE for macOS?
    Currently this feature is not available on OS X. I would recommend submitting a Product Idea for the feature to be added in a future release.
