cancel
Showing results for 
Search instead for 
Did you mean: 
vipinh
Level 7
Report Inappropriate Content
Message 1 of 6

ELM Raw Logs Configuration

Hi,

I have installed McAfee SIEM 9.2.1 on VM - MFE Ent Sec Mgr, Ent Log Mgr and Event Receiver VM Unlimited from McAfee Grant Number. I have configured multiple data sources on it but i am not able to see Raw logs for any device. Do we need to make some settings to see Raw Data for device if yes then How ?

Regards

Vipin Hooda

5 Replies
exbrit
Level 21
Report Inappropriate Content
Message 2 of 6

Re: ELM Raw Logs Configuration

Moved to SIEM for better support.

vipinh
Level 7
Report Inappropriate Content
Message 3 of 6

Re: ELM Raw Logs Configuration

Hi,

Thanks for reply, If you have knowledge then share or let someone who can help me for the same.

Regards

Vipin Hooda

exbrit
Level 21
Report Inappropriate Content
Message 4 of 6

Re: ELM Raw Logs Configuration

I merely moved it to where it will be noticed better.  Someone will be along soon hopefully.

dcobes
Level 9
Report Inappropriate Content
Message 5 of 6

Re: ELM Raw Logs Configuration

You need to setup storage pools on your Log Manager. Once you have the storage pools setup, you need to assign the specific data sources (if they are groups in a tree you can only assign a storage pool to the top level) to a storage pool.

This can be done by selecting your Log Manager properties and then Storage Pools. To assign the data source to a storage pool, you can select the receiver properties > Data Sources > Locate the data source(s) you with to log, then click the checkbox in the Logging column. This till bring up the storage pool choices to select from.

here are a couple screen shots to help

storage001.png

storage002.png

hope that helps!

-d

Message was edited by: dcobes on 8/21/13 1:38:59 PM CDT

Re: ELM Raw Logs Configuration

Hi,

I see that you have configured 2 storage devices, out of which one contains the management database. In order to add storage pools, we need to have management database on the storage device.

But, are you able create storage pools from the other storage device (which does not  have the mgmt db) with the mgmt db on the other storage db?

Regards,

Siddarth