MFE SIEM Collector 10.03 (w/Linux Collector)

Anyone tried MFE SIEM Collector 10.03 (w/Linux Collector), mcafee-siem-collector-10.03.62106-1417.i686.rpm??

I tried installing it on a Red Hat Enterprise Linux Server release 6.5 (Santiago) with the configurations below; however, I still can't get any syslog events to the SIEM. Any thoughts please? Any documentation other than the following is much appreciated: http://s-download.mcafee.com/corporate/products/protected/SIEM/SIEM_9.5.0/Receiver/SIEMCollector/SIE...

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24599/en_US/...

http://s-download.mcafee.com/corporate/products/protected/SIEM/SIEM_9.5.0/Receiver/SIEMCollector/SIE...

Thanks,

Screen Shot 2015-07-14 at 22.09.16.png

Screen Shot 2015-07-14 at 22.12.07.png

4 Replies
rpd85
Level 9

Re: MFE SIEM Collector 10.03 (w/Linux Collector)

Still learning myself, but I'm pretty sure the Linux Collector cannot be managed via ePO; you would have to edit the local config files instead. The policy screens you posted the screenshots of would only apply to the Windows version.

Also, there is no documentation for the 10.x version of the Linux Collector (although someone posted documentation for version 9.1 here, and hopefully it all still applies: https://community.mcafee.com/thread/74266)

I've been experimenting with it myself without success thus far, and was actually told by a Support rep that support techs currently are not even being trained on supporting it, so it seems to not be a very common method of collecting Linux logs...

Re: MFE SIEM Collector 10.03 (w/Linux Collector)

Thanks for your response.

I haven't done the local config for the SIEM yet. Problem is I have a massive number of Linux boxes and it would be way too easy to manage those via ePO.
Scott Taschler is the expert for SIEM on here and I hope he will be able to answer this.

Re: MFE SIEM Collector 10.03 (w/Linux Collector)

You have 2 methods to get logs from Linux:

1- Use an agent: install the McAfee Event Collector and edit its configuration file /etc/mcafee/mcafee_event_collector.conf, changing rec_IP, rec_port, and host_ID (the value entered into the corresponding field of the agent configuration using MEF data retrieval).

Remember to restart the agent after the changes are made in the config file.

2- Configure the Linux system to send out syslog.
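As an added example (not code from this thread or from McAfee), a POSIX shell helper that sets the three keys joannab names in the collector config and reads them back so the change can be verified before restarting. It assumes the file uses plain `key=value` lines; the thread gives no service name for the restart, so that step is left as a comment.

```shell
#!/bin/sh
# Added example: idempotently set rec_IP, rec_port and host_ID in a
# key=value config file and read them back. Assumption: the collector
# config is made of "key=value" lines (not confirmed by the thread).
CONF="${CONF:-/etc/mcafee/mcafee_event_collector.conf}"

# set_conf_key FILE KEY VALUE: replace an existing "KEY=..." line or append one.
# Values must not contain '|' since it is used as the sed delimiter.
set_conf_key() {
    file="$1"; key="$2"; value="$3"
    if grep -q "^${key}=" "$file" 2>/dev/null; then
        # temp file instead of sed -i: GNU and BSD sed differ on -i
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_conf_key FILE KEY: print the last value set for KEY (empty if missing).
get_conf_key() {
    sed -n "s|^$2=||p" "$1" | tail -n 1
}

# valid_port PORT: digits only, 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# configure_collector FILE IP PORT HOSTID: write the three keys the reply names.
# Returns non-zero (and writes nothing) when the port is out of range.
configure_collector() {
    file="$1"; ip="$2"; port="$3"; hostid="$4"
    valid_port "$port" || { echo "invalid rec_port: $port" >&2; return 1; }
    set_conf_key "$file" rec_IP "$ip"
    set_conf_key "$file" rec_port "$port"
    set_conf_key "$file" host_ID "$hostid"
    # After a successful write, restart the collector agent with your
    # distribution's service command; the thread does not name the service.
}

# Stand-alone demo against a constructed temp copy, never the live file.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf 'rec_IP=0.0.0.0\nlog_level=info\n' > "$tmp"   # constructed sample
    configure_collector "$tmp" 192.0.2.10 514 abc123 && cat "$tmp"
    rm -f "$tmp"
fi
```

Run with `--demo` to see the rewritten sample; point `CONF` at the real file only once the values look right.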


Re: MFE SIEM Collector 10.03 (w/Linux Collector)

Thanks for your response joannab!

The syslog config is within the SIEM collector configuration. I have already done that. I also verified that it is not a firewall issue.

Still waiting on support to verify if the SIEM collector for Linux can be managed by ePO.
