Flat File Harvesting

Hi guys,

I'm a newbie to ESM and I'm trying to find out the best way to harvest flat files from Windows servers, e.g. SQL Error Logs, IIS Error logs, etc.  I also have a requirement to take SQL audit logs.

I'm aware that there is an agent that may do this, but at present all of my data sources are WMI and syslog only.

Can anybody suggest the best practice for achieving the above, preferably with a link to installation steps/screenshots?

Thanks in advance.

1 Solution

Accepted Solutions
abanaru
Level 11
Message 2 of 5

Re: Flat File Harvesting

4 Replies

Re: Flat File Harvesting

Hi Abanaru,

Thanks for the speedy reply, that looks perfect. Just one more question though - I have a number of Windows data sources that are already having their logs taken via WMI. If I then wanted to harvest SQL/IIS logs from these same boxes using the agent, could you recommend best practice to achieve this? I have tried to add the agent as a child data source, but it won't allow me to change from WMI to syslog.

Many thanks.

abanaru
Level 11
Message 4 of 5

Re: Flat File Harvesting

That is correct. You can't make many changes if you're using child data sources, not to mention client data sources.

If you want to keep the WMI, the receiver will not allow you to have two data sources sharing the same IP address. There are some workarounds to use hostname for one and IP address for another, but in your case, for the ones from which you want to collect SQL/IIS, I would recommend collecting only using the SIEM Collector. The SIEM Collector can collect all the events you're already collecting via WMI and also encrypt this traffic.

Re: Flat File Harvesting

Many thanks and best regards.
