Auto Learn Question

When I enable Auto Learn for syslog data sources it immediately goes into the processing auto learned data status. How do I get it to collect data again?

1 Solution

Accepted Solutions
McAfee Employee anthony_hardin

Re: Auto Learn Question

When enabling the “Auto Learn” feature it basically opens up the firewall to allow any syslog traffic to enter the SIEM receiver. It will stay running for the specified period of time or until you stop it with the “disable” button. Once you execute the disable button, or when the time period has expired, it will auto populate the table with devices that are sending syslog, but will not populate the list of data sources that already exist in the SIEM interface. Hopefully this has answered your question about the Auto Learn feature.

2 Replies

Re: Auto Learn Question

Hi,

How to add the host not retrieved by 'Auto Learn' from the syslog-ng?

Thanks
