adpspt
Level 9

Problem with DLP no new events in DLP Monitor

Hello,

We are using EPO 4.5 and MAgent 4.5 and DLP 9.1 on Windows 2003 Server.

My problem is that we don't see new events in the DLP Monitor, and when I click "Send events" on the MAgent I get the message "Agent failed to communicate with EPO Server", but when I use "Collect and Send Props" it works.

Deployment to new machines is also working fine: they get the MAgent, then the VSE 8.7 and the DLP 9.1, but on the new workstations too, when I click "Send events", I get the same message, "Agent failed to communicate with EPO Server".

The last entry in the DLP Monitor is from 09.10.2013.

I also checked that the evidence folder is accessible from outside, and the connection of the DLP to the database is working and successful.

Does somebody have an idea what I can check or what the problem could be?

best regards

adpspt


Accepted Solutions
adpspt
Level 9

Re: Problem with DLP no new events in DLP Monitor

Hello, thanks for the answer.

Today we found the problem.

We checked the eventparser.log and recognized that it was not working properly.

Through the eventparser.log we found out that a folder under c:/program files/mcafee/epolicy orchestrator/db/events was lost.

Under that path the "events" folder was missing; when we tried to recreate it, it said that the "events" folder already exists.

We checked, and in the "db" folder there was just a file named "events" with 0 kilobytes. We renamed the file and restarted the McAfee parser service, and then it was possible to recreate the "events" folder. After this we restarted the parser service again and it started to write all events to the DLP Monitor.

So now everything is working fine :-)

Thanks for the help, and maybe this will help somebody else.

best regards

adpspt

4 Replies
keithdrone
Level 10

Re: Problem with DLP no new events in DLP Monitor

Almost sounds like more of an Agent problem. Have you considered upgrading your agents to a newer version? The 4.5 agent is either EOL or at least nearing it.

adpspt
Level 9

Re: Problem with DLP no new events in DLP Monitor

Thanks for the answer. I would like to do this, but we are forced to use this version of the agent because a newer one is not approved for us at the moment. But it must be something else, because in our other networks the same setup is working fine with this agent version and DLP.

Maybe there is something else I could check?

keithdrone
Level 10

Re: Problem with DLP no new events in DLP Monitor

Generate some debug logs on the agent side. Do the same for the DLP agent via the agent policy in the policy catalog.

I'd suggest against doing this globally, as debug logs can eat up your resources and your disk space fast!

Here is a link to get you started:

https://kc.mcafee.com/corporate/index?page=content&id=KB58966

Additionally, check your VSE and DLP policies to ensure that they exclude each other. Meaning, VirusScan should be trusted by DLP and not checked, and DLP processes should be trusted by VSE and not checked constantly.
