EPO not sending events to SIEM after upgrade to 5.10

Not sure if this is an issue with EPO or SIEM or both, but after upgrading EPO to 5.10, I am no longer receiving events on the McAfee SIEM. Testing connection to website UI is successful, but to database is not.

Checked permissions of DB user. All checks out good. Even attempted login with privileged user account, no good. I have logged into the server hosting the DB and accessed the DB with the service account that I am trying to authenticate with in the config. So I know permissions are good.

Only difference I noticed is that the DB server created a new DB with "_Events" at the end. It looks to handle all the Endpoint Security apps on EPO. Problem is that I don't believe the SIEM can handle more than one DB at a time. If that's the case, I don't think this was a well-thought plan when it came to correlating with their other products.

The errors I receive are below, regardless of which DB I attempt to connect to.

From SIEM data source config:

Test connection unsuccessful. Test connect failed. (ER995). Please view the Help contents or contact Support for troubleshooting information as applicable.

From SIEM /var/message/logs:

Mar 15 14:51:17 McAfee libJobServer.so[3901]: Test connect returned with the following message: NotOk (4) Unable to query mssql server (check Database Name)

Accepted Solutions
Reliable Contributor vnaidu

Re: EPO not sending events to SIEM after upgrade to 5.10


@User17426568 

Can you confirm if the SIEM supported extension is in place?

SIEM Enterprise Security Manager (ESM) | 11.0 | SIEMCollector | 11.00.4271 | SIEMCollector

 

Let me know once.

Venu