
Unknown Messages Export from ELM

Hello guys,

I would like to export all unparsed messages which are visible on ESM as unknown to one file, based on log source type.

Is there any command to do that?

4 Replies

Re: Unknown Messages Export from ELM

Not that I am aware of.

But you may want to add them into the "Unknown events" bucket (set a data source "Support Generic Syslogs" to "Log "unknown syslog" event").


Re: Unknown Messages Export from ELM

Hi Rhinomike,

I did it already. I would like to export only all unknown messages to one file. It was possible to do on the RSA enVision SIEM product. I do not understand why such a simple option is not available on McAfee....

Maybe someone else knows how to do this? Support suggested I open a PER case, which is totally absurd in the current situation.

I need to start a few PER cases to complete another one..... ah....

Re: Unknown Messages Export from ELM

Michael,

I'm afraid PER is the way to go...

I happened to have asked a similar question, that is, to be able to see what rule is triggered by a particular log line without having to search for any particular field or re-ingest the line, and I was told to add a fake data source and all sorts of bizarre recommendations.

Cheers

Re: Unknown Messages Export from ELM

Could you please elaborate? How do we create and add to the bucket? Do we need to write a custom parser?
This is a global problem of Nitro and I am getting millions of Unknown events every hour.