cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

ESM Dashboard filtering - Source and Destination Ports

Jump to solution

Hi!

When I tried to filter the logs by Destination Port that matches to: "7777", the query fails and I get this message: "There are no records to display". However, when i click "Event drilldown" and choose an aggregated event, in the destination port field there is the parsed "7777" value. After that i inspected the default dashboards, and its seems the device cannot display ports higher than 999. Why? Is it a bug? Any idea how to fix it?

Thank you!

Peter

1 Solution

Accepted Solutions
Highlighted
Level 9
Report Inappropriate Content
Message 2 of 3

Re: ESM Dashboard filtering - Source and Destination Ports

Jump to solution

Hi Peter

You need to index those ports. By default only ports 1-1023 are indexed.

As per McAfee recommendation below index all ports. (However I had support calls where the engineers said that it could impact performance as well)

Please see Step 6:

To enable indexing on all ports:

  1. Click the System Properties button in the upper right of the interface.System-Properties-Button-Small.png
  2. Click Database.
  3. Click Settings. The Database Indexing window will open.
  4. Click the word Custom under the Events/Port heading. An option box will open.
  5. Click All from the option box.
  • Repeat the process for Flows/Port, modifying the setting from Custom to All.
  • Click OK.

Regards,

Japie

View solution in original post

2 Replies
Highlighted
Level 9
Report Inappropriate Content
Message 2 of 3

Re: ESM Dashboard filtering - Source and Destination Ports

Jump to solution

Hi Peter

You need to index those ports. By default only ports 1-1023 are indexed.

As per McAfee recommendation below index all ports. (However I had support calls where the engineers said that it could impact performance as well)

Please see Step 6:

To enable indexing on all ports:

  1. Click the System Properties button in the upper right of the interface.System-Properties-Button-Small.png
  2. Click Database.
  3. Click Settings. The Database Indexing window will open.
  4. Click the word Custom under the Events/Port heading. An option box will open.
  5. Click All from the option box.
  • Repeat the process for Flows/Port, modifying the setting from Custom to All.
  • Click OK.

Regards,

Japie

View solution in original post

Highlighted

Re: ESM Dashboard filtering - Source and Destination Ports

Jump to solution

Thank You Japie!

Meanwhile I found it on my own, but thank you!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community