cancel
Showing results for 
Search instead for 
Did you mean: 

How to I make sure my events register source and destination IP address and MAC address as well as user?

I've been trying to track some events on my network using McAfee ESM 9.4, but many of the events don't show IP address or MAC addresses. I've been trying to figure out a way to configure ESM to show them but haven't been successful. Anybody experienced similar or same problem? Anybody knows a solution?

2 Replies
exbrit
Level 21
Report Inappropriate Content
Message 2 of 3

Re: How to I make sure my events register source and destination IP address and MAC address as well as user?

Moved provisionally to SIEM for better handling.  Moderator

ddd671
Level 9
Report Inappropriate Content
Message 3 of 3

Re: How to I make sure my events register source and destination IP address and MAC address as well as user?

What kind of data source created the events? Some data source logs may not have that information.  Best bet is to look at the packet tab and see if the data is even available. Assuming that the data is available, you may need to create a custom parser for it if the portions of the data you want aren't parsing.