I have installed McAfee SIEM 9.2.1 on a VM - MFE Ent Sec Mgr, Ent Log Mgr and Event Receiver VM Unlimited from McAfee Grant Number. I have configured multiple data sources on it, but I am not able to see raw logs for any device. Do we need to make some settings to see raw data for a device? If yes, then how?
You need to set up storage pools on your Log Manager. Once you have the storage pools set up, you need to assign the specific data sources (if they are groups in a tree you can only assign a storage pool to the top level) to a storage pool.
This can be done by selecting your Log Manager properties and then Storage Pools. To assign the data source to a storage pool, you can select the receiver properties > Data Sources > locate the data source(s) you wish to log, then click the checkbox in the Logging column. This will bring up the storage pool choices to select from.
Here are a couple of screenshots to help.
Hope that helps!
-d
Message was edited by: dcobes on 8/21/13 1:38:59 PM CDT
I see that you have configured 2 storage devices, out of which one contains the management database. In order to add storage pools, we need to have the management database on the storage device.
But are you able to create storage pools from the other storage device (which does not have the mgmt db) with the mgmt db on the other storage db?