When I login to network security manager UI, I see only last week logs. Suspecting that retention period is set to last week, is there a way I could get the logs from NSM server itself if archived?
and if it is a log archive file in a specific format, could this be imported to NSM ui to view these logs?
By default, the retention time of the NSM alert is 90 days, unless customized.
In the manager, we have an option to enable the archival of the alerts. Please navigate to the following path, to check if there are any alert archives available:
Manager - Maintainance - Data Archiving - IPS - Archive Now
If the archive is available, yes, it can be imported to the NSM. You should be able to restore it from:
Manager - Maintainance - Data Archiving - IPS - Restore Archives
Hope this answers your question.
Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Hi Devashish ,
One more thing you can do is
Log in to the NSM mysql database, and execute the below command
For NSM 8.x, 9.1 earlier than 18.104.22.168 and 9.2:Change to $:\mysql\bin (the default is C:\mysql\bin\). For NSM 22.214.171.124 and later.Change directory to $:\MariaDB\bin (for example, c:\MariaDB\bin). Log on to the database:Type Mysql -u root -p and then press Enter. Enter the password Change to the correct database:Type Use lf; and press Enter. This command changes to the correct database.
and then execute the below command
select min(creationTime), max(creationTime) from iv_alert;
(This command will show you the duration of the logs which are present in NSM database )
If the logs are present in the database you should be able to see on the NSM Dashboard
But it the logs are not present in the DB that means they got purged.
In that case you to check Nsm's retention period
Was my reply helpful?If you find this post useful, please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC