I just noticed that none of our machines managed by ePO are sending back any threat event info. Thoughts on why or where the problem might be?
Looks like it started when I migrated ePO to another server with a different IP.
Actually sorry, correction - IP stayed the same but server name changed. I followed the steps in KB51438:
Backed up ePO DB, extensions, conf/catalina, keystores directories
Backed up Key-Store pairs
Backed up SQL DB
Installed a new copy of ePO on the new server, same patch level & directory
Attached DB to SQL express on the same server as ePO
Restored contents of the backed up directories
Restored backed up key pairs
Generated new certificates because host name changed
Are the ports the same on your old server as they are on your new server?
Are the agents even communicating with your new server at all? Or only failing to send threat events?
Do you see any managed nodes in your new ePO server at all?
Can you please describe the problem in a bit more detail?
I actually migrated to the new ePO server months ago and only just noticed the threat event logs were empty since the day of the migration. The agents are only failing to send threat events to ePO. All the agents are communicating with ePO though. All ports are the same on the new server as they were on the old.
I will investigate this more on my own. Thanks.
I'm guessing the primary event source will be VirusScan? Possibly an obvious one, but make sure you have checked in the latest reporting extension for VirusScan - it's the reporting extension that allows ePO to understand the events coming from the point products.