Locate McAfee IPS events in NSM server

Hi all,

When I log in to the Network Security Manager UI, I see only the last week's logs. I suspect that the retention period is set to the last week; is there a way I could get the logs from the NSM server itself if they are archived?

And if it is a log archive file in a specific format, could it be imported into the NSM UI to view these logs?

Thank you,

Devashish Singh

2 Replies
McAfee Employee fkazi04
Message 2 of 3

Re: Locate McAfee IPS events in NSM server

Hi Devashish,

By default, the retention time of the NSM alert is 90 days, unless customized. 

In the manager, we have an option to enable the archival of the alerts. Please navigate to the following path, to check if there are any alert archives available:

Manager - Maintenance - Data Archiving - IPS - Archive Now

If the archive is available, yes, it can be imported to the NSM. You should be able to restore it from:

Manager - Maintenance - Data Archiving - IPS - Restore Archives

Hope this answers your question.

Regards,

Faizan 

Tsri
Level 8
Message 3 of 3

Re: Locate McAfee IPS events in NSM server

Hi Devashish,

One more thing you can do is log in to the NSM MySQL database and execute the command below.

For NSM 8.x, 9.1 earlier than 9.1.7.77 and 9.2:
Change to $:\mysql\bin (the default is C:\mysql\bin\).

For NSM 9.1.7.77 and later:
Change directory to $:\MariaDB\bin (for example, c:\MariaDB\bin).

Log on to the database:
Type mysql -u root -p and then press Enter. Enter the password.

Change to the correct database:
Type use lf; and press Enter. This command changes to the correct database.

Then execute the command below:

select min(creationTime), max(creationTime) from iv_alert;

(This command will show you the duration of the logs which are present in the NSM database.)

If the logs are present in the database, you should be able to see them on the NSM Dashboard.

But if the logs are not present in the DB, that means they got purged.

In that case you need to check NSM's retention period.


Regards,
Tarang Sri
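
Added example (not part of the thread and not McAfee's own code): read-only queries that extend the min/max check from the reply above, run in the same mysql session. They assume creationTime is a date/time column in iv_alert, which the thread does not state; the column aliases are illustrative.

```sql
-- Added example: read-only checks against the NSM alert table.
-- Assumption: iv_alert.creationTime is a DATETIME/TIMESTAMP column.
USE lf;

-- 1. Span of stored alerts in days, to compare with the retention
--    period (90 days by default according to the first reply).
SELECT MIN(creationTime)                                 AS oldest_alert,
       MAX(creationTime)                                 AS newest_alert,
       DATEDIFF(MAX(creationTime), MIN(creationTime))    AS span_days,
       COUNT(*)                                          AS total_alerts
FROM iv_alert;

-- 2. How many stored alerts are older than the one week visible in the UI.
--    A non-zero count means the data is still in the database and the
--    UI view is what limits it; zero means older alerts were purged or
--    were never stored.
SELECT COUNT(*) AS alerts_older_than_7_days
FROM iv_alert
WHERE creationTime < NOW() - INTERVAL 7 DAY;

-- 3. Alerts per day, oldest first. A sharp cut-off at a fixed age points
--    to scheduled pruning; missing days in the middle point to a gap in
--    collection rather than retention.
SELECT DATE(creationTime) AS alert_day,
       COUNT(*)           AS alerts
FROM iv_alert
GROUP BY DATE(creationTime)
ORDER BY alert_day;
```

These statements only read data, but on a large iv_alert table they scan many rows, so run them outside peak alert-processing hours.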
