cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

New Agent Handler - Lots of Audit Log Entries

Jump to solution

I just installed a replacement DMZ agent handler (ePO version 5.10) on server 2016. I was previously running the agent handler on an old VM running server 2008 R2. The agent handler seems to be working correctly, but I'm seeing a ton of audit logs now related to AH logins/certs/keystore backups etc. These are showing up about every minute and keep repeating. Any ideas? Is this behavior normal? I don't remember seeing these logs from our previous AH.

 


User Name Priority Action Details Success Start Time Completion Time
system_ah01-dmz-epo Medium Backup Keystore Backup keystore Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT
system_ah01-dmz-epo Low Download Keystore File Keystore zipped and downloaded Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT
system_ah01-dmz-epo Low Logon Attempt Successful Logon for user "system_ah01-dmz-epo" from IP address: 172.x.x.x Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT
system_ah01-dmz-epo Low Valid server certificate check The server certificates match the database. Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT
system_ah01-dmz-epo Low Logon Attempt Successful Logon for user "system_ah01-dmz-epo" from IP address: 172.x.x.x Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT
system_ah01-dmz-epo Low Valid server certificate check The server certificates match the database. Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT
system_ah01-dmz-epo Low Logon Attempt Successful Logon for user "system_ah01-dmz-epo" from IP address: 172.x.x.x Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT
system_ah01-dmz-epo Low Is Admin Is Admin Command Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT
system_ah01-dmz-epo Low Logon Attempt Successful Logon for user "system_ah01-dmz-epo" from IP address: 172.x.x.x Succeeded 5/14/19 9:06:48 AM EDT 5/14/19 9:06:48 AM EDT

1 Solution

Accepted Solutions

Re: New Agent Handler - Lots of Audit Log Entries

Jump to solution

This issue has been solved by installing 5.10 Update 3 on my ePO server and my agent handler.

 

Thanks!

5 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: New Agent Handler - Lots of Audit Log Entries

Jump to solution

By any chance, is the server service on the agent handler restarting frequently?  Any errors in that server log?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: New Agent Handler - Lots of Audit Log Entries

Jump to solution

Yes this appears to be it.  I'm seeing lots of app crash events for apache.exe in application event viewer.  I already had a service request opened yesterday (it's closed now) for getting the AH installed on my new 2016 server VM.  The install was failing because it wasn't pulling down needed certs for apache.  The support engineer changed a registry option for apache/tomcat on our ePO server, and this allowed the AH to be installed successfully.  I guess we are still having issues though if the service is crashing every minute or so.  Please advise.

 

Thanks!

Re: New Agent Handler - Lots of Audit Log Entries

Jump to solution

I probably need to reopen my service request as this is obviously not 100% resolved yet.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: New Agent Handler - Lots of Audit Log Entries

Jump to solution

Send me your SR number in private chat pls.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: New Agent Handler - Lots of Audit Log Entries

Jump to solution

This issue has been solved by installing 5.10 Update 3 on my ePO server and my agent handler.

 

Thanks!

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community