As part of local IT second level, I am automating the collection of log files for several issues
we are encountering.
As I found, the logs located in "C:\ProgramData\McAfee\Host Intrusion Prevention" are not
as detailed as we need them to be.
Sometimes it is necessary to collect the detailed logs from the Host Intrusion Prevention.
Until now we do the following by hand to collect the logs:
- manage Features / HIPS
--> toggle to the activity log and press "export"
How can I automate that log export?
Thanks and Best Regards
PD23014 - Host Intrusion Prevention 8.0 ClientControl.exe Utility Readme
Exporting the Host IPS Activity Log to a text file.
1. Open a command shell.
2. Run clientcontrol.exe /export <path of export file>
3. Copy the exported log file to another computer for collection, analysis, etc.
Thank you for your suggestion.
Both logs contain information about the HIPS; however, the way it is displayed is different.
Here is one entry from the mcafeefirelog.txt from the desktop, manually exported:
Time: 11.02.2013 08:42:34
IP Address/User: 10.18.212.173
Message: Blocked Incoming UDP - Source 10.18.212.173 : (17500) Destination 255.255.255.255 : (17500)
Matched Rule: Block All Traffic
And here is one exported with clientcontrol.exe:
Time: 11.02.2013 09:08:43
Event Type: Traffic
IP Address: 10.18.212.189
Local IP Address: 255.255.255.255
Local Port: 43440
Remote IP Address: 10.18.212.189
Remote Port: 50661
Process ID: 0
Description: Block All Traffic
Unfortunately, the exported file is not as easy to read as the manually exported one.
Another issue I found is that the entries you get are not the same.
I could not find the same entries for the same time in both logs for the example I posted above.
This is correct. The McAfeeFireLog.txt (your first example; non-ClientControl log) has no automated export process; it must be manually exported by clicking on the EXPORT option in the Host IPS Client UI.
It would be great if such a feature could be implemented in the future; that could save me a lot of work.
Thanks for your answer
Please submit a PER if you'd like to request functionality in a future product version.
KB60021 - Information about Product Enhancement Requests for McAfee products
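For the readability complaint about the clientcontrol.exe export raised in the thread, here is an added example (not from any poster and not McAfee code) that groups the exported "Key: Value" lines into records and prints one line per event. It assumes every record begins with a "Time:" line, as in the entry quoted above; the function names and the second sample record are constructed for illustration.

```python
import re

# Sample input: first record as quoted in the thread, second record constructed.
SAMPLE = """Time: 11.02.2013 09:08:43
Event Type: Traffic
IP Address: 10.18.212.189
Local IP Address: 255.255.255.255
Local Port: 43440
Remote IP Address: 10.18.212.189
Remote Port: 50661
Process ID: 0
Description: Block All Traffic
Time: 11.02.2013 09:09:01
Event Type: Traffic
IP Address: 10.18.212.173
Local IP Address: 255.255.255.255
Local Port: 17500
Remote IP Address: 10.18.212.173
Remote Port: 17500
Process ID: 0
Description: Block All Traffic
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")  # key is the text before the first colon

def parse_records(text):
    """Split 'Key: Value' lines into dicts; a 'Time' line starts a new record (assumption)."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank or unrecognised line
        key, value = m.groups()
        if key == "Time":
            current = {}
            records.append(current)
        if current is not None:  # ignore fields seen before the first 'Time' line
            current[key] = value
    return records

def summarize(rec):
    """One line per event; values are reported exactly as exported, missing ones as '?'."""
    return "{} | {} | remote {}:{} | local {}:{} | pid {} | {}".format(
        rec.get("Time", "?"), rec.get("Event Type", "?"),
        rec.get("Remote IP Address", "?"), rec.get("Remote Port", "?"),
        rec.get("Local IP Address", "?"), rec.get("Local Port", "?"),
        rec.get("Process ID", "?"), rec.get("Description", "?"))

if __name__ == "__main__":
    print("\n".join(summarize(r) for r in parse_records(SAMPLE)))
```

The output keeps the export's own field values and does not try to reproduce McAfeeFireLog.txt, since the thread notes the two logs do not contain the same entries.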