Menzo
Message 1 of 3

McAfee EPO Threat Event Log vs Client Event Log.

Hi!

Can someone help me understand what the difference is between the McAfee EPO Threat Event Log and the Client Event Log?

I'm asking the question because in the McAfee "purge events server task best practice", they ask to purge the Client Event Log older than 6 months and the Threat Event Log every day ...?

I do not understand why the Threat Event Log should be purged every day.

Can someone help me understand?

Thanks 😉 

1 Solution

Accepted Solutions

Re: McAfee EPO Threat Event Log vs Client Event Log.

Good evening,

The main difference is that the Threat Event Log contains information about every protective and triggered rule of any installed product (e.g. ENS-Access Protection: registering of programs to autorun; malware found, and the like). Depending on how many events were collected (manually crafted rules are saved here too), the database can rapidly grow to 100GB+.

Client Event Logs instead contain information about the status of the installed products for each client and the tasks which are configured for the system and product (e.g. ODS was successful; update complete; could not find repository, things like that).

But whether or not you purge all events should depend on your company directive and what retention times are mandatory within your organization, though there could be laws in your country which could well be different from what your company wants you to do - or not to do.

The easiest way is to ask the SecOff or the like within your company for how long you are legally obliged to save that information.

English is not my native language, so there may be several mistakes within this post, for which I am sorry - please don't mind though.

greetings

2 Replies

Menzo
Message 3 of 3

Re: McAfee EPO Threat Event Log vs Client Event Log.

Thanks @Don_Martin 

Really appreciate your explanation.
