cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Dimm
Dimm
Level 9
Report Inappropriate Content
Message 11 of 12
‎07-24-2019 01:40 AM

Re: McAfee ESM is forwarding old events, behind by ~2 weeks

Although on 10.3.x we have the same issue with backlog (2-3 weeks), it didn't help to reduce the amount of forwarded events by tuning the forwarding. Even with small amount of EPS the backlog was still there.

Unfortunately we have got a major system outage for some other reason, but after restarting services and rebuilding DB, the backlog is not here anymore. Even when I changed "last forwarded event" to 2 days back to keep up, it has been handled ok and backlog is not there anymore. Forwarding forwards in near real-time.

Worth to mention, we did cp/db services restarts in a meanwhile and it did affect event fwd backlog. Maybe worth trying to change date back for couple of days and monitor will it keep up.

0 Kudos
Reply
Highlighted
Ivan_S
Ivan_S
Level 7
Report Inappropriate Content
Message 12 of 12
‎08-02-2019 08:05 AM

Re: McAfee ESM is forwarding old events, behind by ~2 weeks

Hello there, actually the same thing happened recently with my ESM. A few service restarts for another reason bumped up EPS to ~1000 a couple of weeks ago; ESM sends event almost in real-time now.

Okay, the design is broken there, looking forward to version 11.

 

Thank you all for sharing experience, it really helps!

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC