
ESM - Migrating Datasource From Group To "Direct" Reference

Hi All,

Wanted to see if anyone had any experience or guidance on this issue.

The environment has a large number of datasources configured in groups, these groups are supposed to represent physical locations and look like the following:

XXX - Syslog -> Null IP (127.0.0.1)

     Group 1

          XXX - HOSTNAME -> IP of Device (X.X.X.X)

          XXX - HOSTNAME -> IP of Device (X.X.X.X)

This is causing a number of issues:

     1. Null IP causes a false inactivity flag, which is a pain when you have 57 groups. This also reduces visibility on actual inactive datasources that are inside the group, since you have to expand the group to see what is or is not inactive. Visibility is reduced further because all groups throw a false inactivity flag at all times (due to the Null IP).

     2. Because all groups have to be configured as either client or child data sources, this reduces the data type flexibility. Say if you have Cisco IOS devices, you can't have a device of another type, i.e. F5 Load Balancer, under the same group.

So what I wanted to do is migrate all these datasources out of the folders and back as "direct" references, is this doable without deleting the datasource? I've looked around and haven't found any information.

One thing I did think about doing was deleting the datasource and re-adding it. This was under the assumption that when you re-add a datasource it would be re-linked to existing data based on the IP address. However, I found a few articles that suggested all data for a datasource is deleted upon the deletion of the datasource. Is this still true?

Anyone have any suggestions?

Note: This was a design decision made by an implementing company and existed before "we" started managing the platform.

Many Thanks!

2 Replies
kmc

Re: ESM - Migrating Datasource From Group To "Direct" Reference

You can disable inactivity setting for XXX - Syslog -> Null IP (127.0.0.1)

Re: ESM - Migrating Datasource From Group To "Direct" Reference

I've tried this below, I think it also disables inactivity settings for all child/client datasources? If I select the inactivity setting for the Null IP I can't see any devices underneath it,
