epo_user_00
Level 7

Pulling HIPS Firewall client logs remotely

ePO 4.0

McAfee Agent 4.5

HIPS 7 Patch 8

Windows XP SP3

I read somewhere that it's possible to use a script to retrieve HIPS firewall event logs from client computers.  Currently, the only way to view these logs is from the local HIPS local console on the workstation.  Anyone know where I can find said script?  I want to be able to log onto the ePO server and view events that the HIPS firewall is blocking on any given workstation.

Thanks!

0 Kudos
14 Replies
casscoss
Level 7

Re: Pulling HIPS Firewall client logs remotely

I am also looking for this information...anybody???

0 Kudos
arem
Level 7

Re: Pulling HIPS Firewall client logs remotely

There is a utility called ClientControl.exe which can pull the host f/w logs; more info here:

https://kc.mcafee.com/corporate/index?page=content&id=PD23014

0 Kudos
casscoss
Level 7

Re: Pulling HIPS Firewall client logs remotely

Thanks for the reply. I am well familiar with the ClientControl utility, but I would like to be able to do this via ePO.

I have a timed group in my FW rule set. It allows HTTP/HTTPS for 10min. I would like to know if users are using this and if so how many times. That way I can determine if a user is simply resetting the timed group so they can access the internet openly and access sites they should not be

0 Kudos
McAfee Employee

Re: Pulling HIPS Firewall client logs remotely

casscoss wrote:

I would like to be able to do this via ePO.

There is no ePO functionality, or McAfee-provided script, to do this.

0 Kudos
casscoss
Level 7

Re: Pulling HIPS Firewall client logs remotely

Ok, thanks...that answers that. Too bad though

0 Kudos
epo_user_00
Level 7

Re: Pulling HIPS Firewall client logs remotely

Does the ClientControl utility work with HIPS 7.0?

0 Kudos
McAfee Employee

Re: Pulling HIPS Firewall client logs remotely

Yes, there is a ClientControl utility for Host IPS 7.0 (downloaded from the McAfee Download site).   The Client Control tool does not pull Host IPS log files remotely though.   It can, however, "Export the activity log to a formatted text file", if you are locally/remotely logged into that system.

Exporting the Host IPS Activity Log to a text file.

1. Open a command shell.

2. Run clientcontrol.exe /export <path of export file>

3. Copy the exported log file to another computer for collection, analysis, etc.

0 Kudos
arem
Level 7

Re: Pulling HIPS Firewall client logs remotely

May I get some clarification, please?

You say it does not pull the Host IPS log files remotely, but then go on to say it can export the activity log to a text file if you are logged in locally / REMOTELY - will you explain what the difference is, as you meant it?

Thanks

0 Kudos
McAfee Employee

Re: Pulling HIPS Firewall client logs remotely

If you RDP to a system (remotely logged in), you can run the ClientControl tool locally on that system to export the Activity log.  You cannot, however, run the ClientControl utility on your system to remotely connect to a remote host to "pull" the Activity log.

The ClientControl tool must be run on the local system to export the log file.  This also does not export any information to the ePO server.

0 Kudos
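
The export steps given in the thread, wrapped as a batch file that runs locally on each workstation (for example from a logon script or scheduled task) and copies the result to a central share. This is an added example, not a McAfee-provided script or one posted by any participant. The location of clientcontrol.exe next to the script and the share `\\LOGHOST\hips-logs$` are assumptions, and the script assumes the export has finished writing the file when the command returns.

```bat
@echo off
rem Added example. Must run ON the workstation: as stated in the thread,
rem ClientControl cannot connect to a remote host to pull the Activity log.
setlocal

rem ASSUMPTION: clientcontrol.exe sits beside this script; adjust as needed.
set "CC=%~dp0clientcontrol.exe"
rem ASSUMPTION: hypothetical collection share. Grant workstations write-only
rem access so one host cannot read or alter another host's exported log.
set "SHARE=\\LOGHOST\hips-logs$"
rem One file per host, staged in the local temp directory first.
set "OUT=%TEMP%\%COMPUTERNAME%_hips_activity.txt"

if not exist "%CC%" (
    echo clientcontrol.exe not found at "%CC%" 1>&2
    exit /b 2
)

rem Delete any stale export so the existence check below reflects this run.
if exist "%OUT%" del /q "%OUT%"

rem Step 2 from the thread: export the activity log to a formatted text file.
"%CC%" /export "%OUT%"

rem The tool's exit codes are not documented on this page, so verify the file.
if not exist "%OUT%" (
    echo Export produced no file at "%OUT%" 1>&2
    exit /b 3
)

rem Step 3 from the thread: copy the export to another computer for analysis.
copy /y "%OUT%" "%SHARE%\%COMPUTERNAME%_hips_activity.txt" >nul
if errorlevel 1 (
    echo Copy to "%SHARE%" failed 1>&2
    exit /b 4
)

rem Remove the local staging copy once it is safely on the share.
del /q "%OUT%"
endlocal
exit /b 0
```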