MFE SIEM Collector 10.03 (w/Linux Collector)

Has anyone tried MFE SIEM Collector 10.03 (w/Linux Collector), mcafee-siem-collector-10.03.62106-1417.i686.rpm?

I tried installing it on a Red Hat Enterprise Linux Server release 6.5 (Santiago) with the configurations below; however, I still can't get any syslog events to the SIEM. Any thoughts, please? Any documentation other than the following is much appreciated: http://s-download.mcafee.com/corporate/products/protected/SIEM/SIEM_9.5.0/Receiver/SIEMCollector/SIE...

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24599/en_US/...

http://s-download.mcafee.com/corporate/products/protected/SIEM/SIEM_9.5.0/Receiver/SIEMCollector/SIE...

Thanks,

[Attachment: Screen Shot 2015-07-14 at 22.09.16.png]

[Attachment: Screen Shot 2015-07-14 at 22.12.07.png]

4 Replies

Re: MFE SIEM Collector 10.03 (w/Linux Collector)

Still learning myself, but I'm pretty sure the Linux Collector cannot be managed via ePO; you would have to edit the local config files instead. The policy screens you posted the screenshots of would only apply to the Windows version.

Also, there is no documentation for the 10.x version of the Linux Collector (although someone posted documentation for version 9.1 here, and hopefully it all still applies: https://community.mcafee.com/thread/74266)

I've been experimenting with it myself without success thus far, and was actually told by a Support rep that support techs currently are not even being trained on supporting it, so it seems to not be a very common method of collecting Linux logs...


Re: MFE SIEM Collector 10.03 (w/Linux Collector)

Thanks for your response.

I haven't done the local config for the SIEM yet. The problem is I have a massive number of Linux boxes, and it would be way easier to manage those via ePO.
Scott Taschler is the expert for SIEM on here and I hope he will be able to answer this.


Re: MFE SIEM Collector 10.03 (w/Linux Collector)

You have 2 methods to get logs from Linux:

1. Use an agent: install the McAfee Event Collector, then edit its configuration file /etc/mcafee/mcafee_event_collector.conf and change rec_IP, rec_port, and host_ID (the value entered into the corresponding field of the agent configuration using MEF data retrieval).

Remember to restart the agent after the changes are made in the config file.

2. Configure the Linux system to send out syslog.
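Since method 1 above comes down to editing a few keys in the collector's local config on every box, here is an added example (written for this thread, not McAfee's own code or tooling) of doing that edit safely and idempotently in POSIX sh, so it can be pushed out with whatever remote-execution you already use. It assumes the file is a plain "key=value" file (the thread never shows its format), that the key names are exactly rec_IP, rec_port and host_ID as given in the reply above, and that the service name used for the restart is a placeholder you must replace with the real init script name.

```shell
#!/bin/sh
# Added example for this thread, not McAfee code.
# Assumptions (labelled): key=value config format; keys rec_IP, rec_port,
# host_ID as named in the reply above; service name below is a placeholder.

CONF="${CONF:-/etc/mcafee/mcafee_event_collector.conf}"
COLLECTOR_SERVICE="${COLLECTOR_SERVICE:-mcafee_event_collector}"  # placeholder

# Replace an existing "KEY=..." line (even if commented out with '#') or
# append one. Writes through a temp file, then copies back with cat so the
# original inode, owner and mode of the file under /etc are preserved.
set_conf_value() {
  file=$1; key=$2; value=$3
  tmp="$file.tmp.$$"
  awk -v k="$key" -v v="$value" '
    BEGIN { re = "^[ \t]*#?[ \t]*" k "[ \t]*="; done = 0 }
    $0 ~ re { if (!done) { print k "=" v; done = 1 }; next }  # rewrite once, drop duplicates
    { print }
    END { if (!done) print k "=" v }                          # append if absent
  ' "$file" > "$tmp" && cat "$tmp" > "$file"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Print the current value of KEY (last uncommented occurrence wins).
get_conf_value() {
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Dotted-quad check so a typo does not silently point the agent at nothing.
valid_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Validate, then set the three receiver-related keys from the reply above.
# Returns non-zero (and changes nothing) on a bad IP or port.
configure_collector() {
  file=$1; ip=$2; port=$3; host_id=$4
  valid_ipv4 "$ip"   || { echo "invalid rec_IP: $ip" >&2; return 1; }
  valid_port "$port" || { echo "invalid rec_port: $port" >&2; return 1; }
  [ -n "$host_id" ]  || { echo "host_ID must not be empty" >&2; return 1; }
  set_conf_value "$file" rec_IP   "$ip"      &&
  set_conf_value "$file" rec_port "$port"    &&
  set_conf_value "$file" host_ID  "$host_id"
}

# The reply above says to restart the agent after editing; on RHEL 6 that is
# the SysV 'service' command. Service name is an assumption, see top of file.
restart_collector() {
  service "$COLLECTOR_SERVICE" restart
}

# Usage (uncomment to run for real, as root):
#   configure_collector "$CONF" 10.0.0.5 4545 linux-host-01 && restart_collector
```

Run it once by hand on a single host and diff the config before and after; if the key names or delimiter differ from what this assumes, adjust the awk patterns before rolling it out to the rest of the fleet.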


Re: MFE SIEM Collector 10.03 (w/Linux Collector)

Thanks for your response, joannab!

The syslog config is within the SIEM collector configuration. I have already done that. I also verified that it is not a firewall issue.

Still waiting on support to verify if the SIEM collector for Linux can be managed by ePO.
