cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ZGreen
Level 10
Report Inappropriate Content
Message 11 of 23
‎02-25-2020 11:19 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution

I dont know why it wouldnt work. May be something is getting blocked. Look at one of the events you can see going through and create a firewall rule in the firewall policy to log it. 

0 Kudos
Reply
JDCast11
Level 9
Report Inappropriate Content
Message 12 of 23
‎02-25-2020 11:25 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution

Yes I'm not sure either. It's funny because on the local server, I can see the events in the ENS Console but it is not forwarding it to the ePO console. I've triple checked that everything that should be selected is selected and still nothing. Maybe the events for traffic just don't get forwarded to ePO for some reason. I've verified that nothing is being blocked in the firewall.

0 Kudos
Reply
mmuthuga
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 23
‎02-25-2020 08:31 PM

Re: Unable to receive network traffic logs on ePO server

Jump to solution

When you run traffic through port 1433 from epo to sql, which rule is seen matching it in log. The matching rule should have "Log matching traffic" enabled.

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 14 of 23
‎02-26-2020 12:35 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution

Hi @JDCast11 

Going back to my comments as I don't see a response in regards to this:

What are your ENS and McAfee Agent policy settings set to? It's possible that the events are being generated but not forwarded. Check in ENS Common Policy what you've got set for ENSFW and in the McAfee Agent General Policy under Event Forwarding - lower the level to informational.

Also have you looked at Adaptive Mode which would be the ideal way to monitor "would be blocked" traffic?

0 Kudos
Reply
JDCast11
Level 9
Report Inappropriate Content
Message 15 of 23
‎02-26-2020 04:47 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution

I'm sorry @Former Member I thought I responded to that. The ENS common policy is set to log all Firewall Events and forward events to McAfee is selected. In the McAfee Agent General Policy I have the Event Forwarding set to informational. 

Yes I have used Adaptive to configure the baseline of my rules but I wanted to have a query as a dashboard for any blocked traffic.

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 16 of 23
‎02-26-2020 05:16 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution

Hmm okay... running out of options now 😄

So checklist - repeating to ensure we've covered all these points, I believe we have:

- log all blocked traffic in ENSFW Options policy is enabled

- the rule which you want to see reported in ePO is also set to "log matching traffic"

- ENS Common policy logging settings for FW have been checked

- MA Policy for Event forwarding has been checked

 

Even with these options btw you won't see any traffic that matches our catch-all rule. So do you have your own Block Traffic rule?

And finally in ePO under Server Settings > Event Filtering > do you have the event 35002 ticked?

0 Kudos
Reply
JDCast11
Level 9
Report Inappropriate Content
Message 17 of 23
‎02-26-2020 05:29 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution
Yes everything is properly configured, just ran through and checked again. I did notice that there seems to be a newer version out so I will have that installed and see if it was a bug with the version I am currently on.
0 Kudos
Reply
JDCast11
Level 9
Report Inappropriate Content
Message 18 of 23
‎02-26-2020 04:48 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution
Yes I have Log matching traffic enabled
0 Kudos
Reply
JDCast11
Level 9
Report Inappropriate Content
Message 19 of 23
‎02-28-2020 05:50 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution

I updated the versions and still unable to receive the logs on the ePO console. Do I need to escalate this and create a ticket? 

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 20 of 23
‎02-28-2020 06:03 AM

Re: Unable to receive network traffic logs on ePO server

Jump to solution

@JDCast11  yes - if you want to see the events, and are missing them, we need to take a look so please do raise a Service Request with us - either give us a call so we can perform a remote session with you or raise it via the Service Portal and attach a MER from the system in question.

If you decide to go down the SR route - I'd be quite interested in looking into this as well. Feel free to share the SR# with me via private message.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC