Our current version of McAfee ePO 4.6.5 is at End-of-Support
and we need to upgrade to version 5.X. - and have created a test environment with ePO version 5.3.2
we use splunk_app_db_connect v2 version 2.1.3
which was correctly connecting to and querying ePO 4.6.5 (using the default query from Splunk TA for
after updating to ePO 5.3.2 in our test environment, I
replaced the stanza in inputs.conf with the default query for ePO 5 from
splunk TA for McAfee template.
ePO is running on Windows 2008R2
splunk is connecting to the database correctly (using the sa account), but when the
query runs there is an error in the dbx2.log:
[ERROR] [ws.py] [DBInput Service] Esception encountered from
server on message for entity-name = mi_input://ta_mcafee_epo_5_input and type =
input with error = ERROR: com.microsoft.sqlserver.jdbc.SQLServer Exception: A
processing error "Invalid object name 'EPOProdPropsView_VIRUSCAN'."
indeed if I look at the ePO database (using MSSQL server management studio as an admin user) , I see
In my test environment I have a single Linux Client (RHEL 5.7) with VSEForLinux 1.9.0 and agent 4.8.0 (all pushed via ePO). I have successfully configured an on-demand scan via ePO and placed the EICAR test virus on the Linux client....the virus was quarantined and reported as such in the ePO GUI. - so ePO and Linux-related packages and extensions appear to be working correctly
Am I missing some step in the installation that would otherwise have created the view in question?
Thanks so much for any help
Solved! Go to Solution.