cancel
Showing results for 
Search instead for 
Did you mean: 

Problem With SQL Plugin (MEF)

Hello,

I want to send data in SQL database via mcafee siem collector.

  1. created view in database
  2. Mapped this view in SQL Plugin, generated query and exported it in xml file format
  3. Configured SQL Log Plugin in SIEM Collector Management Utility

    4. Added Data Source in SIEM

But Mcafee SIEM Collector (debug.log)  said that -  No Records to process.


Please Help

Thanks

1.PNG2.PNG3.PNG4.PNG5.PNG6.PNG7.PNG

5 Replies
hok
Level 7
Report Inappropriate Content
Message 2 of 6

Re: Problem With SQL Plugin (MEF)

I think you should use Sequential ID or DateTime as Bookmark DB Field because It is used as a condition of the where clause.

Re: Problem With SQL Plugin (MEF)

Thanks for help

Re: Problem With SQL Plugin (MEF)

When selecting the event forwarding method in the SQL plugin, when you choose MEF you already map database fields to ESM fields. This means that no parsing will need to be done as it is already done by the sql plugin on the agent. In your data source configuration, select MEF as data format.

For the bookmark field, I suggest following hok's advise. Also, check the bookmark file. it could be that all records have already been processed but were not parsed by the receiver because of the misconfiguration in format. Delete the bookmark file or modify the record and restart the siem collector agent.

Re: Problem With SQL Plugin (MEF)

Thanks for help

Highlighted

Re: Problem With SQL Plugin (MEF)

Hello Team,

 

Could you please let us know from where to download this McAfee SQL database event utility ?

 

Thanks in advance.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator