We have a CIFS data source, and every 5 minutes new log files are written to a shared folder.
Our Data Source copies and deletes files.
It is now 10-12 hours behind in copying and deleting logs. If we don't do anything, the gap increases.
As you can see in the first screenshot, the log files are 100-200 KB, and it shouldn't be hard for McAfee SIEM to copy and delete all of them at once.
I wrote a script that every 5 minutes takes all the log files and makes 1 log file. This time the SIEM doesn't copy and delete that file. The log file stays in the folder, and the data source shows a yellow flag after some time and doesn't take the file. The file was 70 MB, and it shouldn't take more than 10 seconds to copy and delete that file in our environment.