Showing results for 
Show  only  | Search instead for 
Did you mean: 

McAfee IPS integration problem

I have integrated McAfee IPS (network security Manager )with my Mcafee ESM.  But it not displaywith different category events. ESm display all the logs in one raw with onecategory name.  Please let me is thereany integration problem with ESM? How can I integrate properly with ESM.

I really appreciate your support gentlemen’s.

5 Replies
Level 13
Report Inappropriate Content
Message 2 of 6

Re: McAfee IPS integration problem

There was an old version of the NSM parser that worked this way, but it should no longer be the case with the current parser.  You should verify the following:

  • Ensure you are using the proper parser. 
    • If you are pulling events via syslog, the parser is "Network Security Manager (ASP)". 
    • If you are using the SQL Pull method of retrieving events from NSP, you should have your NSP defined as a "device", not a "data source" (select ESM, then click button for "Add Device" and select "McAfee Network Security Manager".

  • Ensure you have the latest rules downloaded and rolled out to your Receivers.


Re: McAfee IPS integration problem

hi Scott,

thank you for your reply.

I have updated rules and roll out for devices, but still i am receiving assame. i am getting only one category with i attached below screen shot. Also I haveattached IPS setting for your more information. Please let me know what I haveto do for parser McAfee IPS logs properly.

Thank you,




Level 13
Report Inappropriate Content
Message 4 of 6

Re: McAfee IPS integration problem

It's not entirely clear what the problem is here.  The events you are seeing here do not look at all like events that would come from NSP.  Since you have configured the NSP parser to receive via syslog, have you configured your NSM to send events to the ESM via syslog?  You might have best results contacting McAfee Support for assistance.


Re: McAfee IPS integration problem

I have integrated McAfee IPS with ESM with the help of McAfeeSIEM Technical support team. If anyone want to intergrade McAfee IPS , add thisas devices not as data source.  You haveto follow below step to get the max.

  1. First upgrade the ESM on the supported version (either9.2.2 or 9.3.1). 
  2. Make sure McAfee NSM is on supported version(7.1.3 or later).
  3. You must run the NSM Configuration Utility  on the Server running the NSM MySQL

For your reference, please findthe link to the same below.

     4.   Add McAfee NSM as device on ESM, test the SQL rootuser connectivity and NSM admin connectivity.

This will enable add automatically  childe sensors whichare configured with NSM.

All the Best,

Level 10
Report Inappropriate Content
Message 6 of 6

Re: McAfee IPS integration problem

To configure the NSM in the SIEM you must prepare the MySql database to accept connections from the receiver ip address here's the commands:

Assuming that scenario:

SIEM Receiver IP:

NSM Manager IP::

User to access the NSM database from SIEM: siem pass: siempass (you must change without special characters)

A)Access to the windows system in the NSM Manager and run the following commands:

  • C:\Program Files (x86)\McAfee\Network Security Manager\MySQL\bin>mysql --user=root mysql -p (ask for the root password)
  • add a mysql user to read the lf database from the siem ip address: create user siem@ identified by 'siempass';
  • grant permisions to the lf table to siem user: grant select in lf.* to 'siem'@'';

B) Create a new device in NSM:





Now you are getting connected with NSM and SIEM

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community