
Automated log generation for HIPS 8

Hello,

As part of local IT second level, I am automating the collection of log files for several issues we are encountering.

I found that the logs located in "C:\ProgramData\McAfee\Host Intrusion Prevention" are not as detailed as we need them to be.

Sometimes it is necessary to collect the detailed logs from Host Intrusion Prevention.

Until now, we have done the following by hand to collect the logs:

- Manage Features / HIPS

--> toggle to the activity log and press "export"

How can I automate that log export?

Thanks and Best Regards

0 Kudos
5 Replies
McAfee Employee

Re: Automated log generation for HIPS 8

PD23014 - Host Intrusion Prevention 8.0 ClientControl.exe Utility Readme

Exporting the Host IPS Activity Log to a text file.

1. Open a command shell.

2. Run clientcontrol.exe /export <path of export file>

3. Copy the exported log file to another computer for collection, analysis, etc.

0 Kudos

Re: Automated log generation for HIPS 8

Hello Kary,

thank you for your suggestion.

Both logs contain information about HIPS; however, the way it is displayed is different.

Here is one entry from the mcafeefirelog.txt from the desktop, manually exported:

Time:     11.02.2013 08:42:34

Event:     Traffic

IP Address/User:     10.18.212.173

Message:     Blocked Incoming UDP -  Source 10.18.212.173 :  (17500)  Destination 255.255.255.255 :  (17500)

Matched Rule:     Block All Traffic

And here is one exported with clientcontrol.exe:

Time:             11.02.2013 09:08:43

Event Type:         Traffic

IP Address:         10.18.212.189

Sniffer CAP:        

Rule ID:        

Protocol:         17

Local IP Address:     255.255.255.255

Local Port:         43440

Remote IP Address:     10.18.212.189

Remote Port:         50661

Inbound:         True

Permit:             False

Process ID:         0

Path:            

Description:         Block All Traffic

Unfortunately, the exported file is not as easy to read as the manually exported one.

Another issue I found is that the entries you get are not the same.

I could not find the same entries for the same time in both logs for the example I posted above.

Rgds

Schorsch

0 Kudos
McAfee Employee

Re: Automated log generation for HIPS 8

This is correct.  The McAfeeFireLog.txt (your first example; non-ClientControl log) has no automated export process; it must be manually exported by clicking on the EXPORT option in the Host IPS Client UI.

0 Kudos

Re: Automated log generation for HIPS 8

Hello Kary,

It would be great if such a feature could be implemented in the future; that could save me a lot of work.

Thanks for your answer.

0 Kudos
McAfee Employee

Re: Automated log generation for HIPS 8

Please submit a PER if you'd like to request functionality in a future product version.

KB60021 - Information about Product Enhancement Requests for McAfee products

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

0 Kudos