cancel
Showing results for 
Search instead for 
Did you mean: 
Isagel
Level 7
Report Inappropriate Content
Message 1 of 6

Threat Event Log in ePO 4.5 not logging

I just noticed that none of our machines managed by ePO are sending back any threat event info.  Thoughts on why or where the problem might be?

Looks like it started when I migrated ePO to another server with a different IP.

5 Replies

Re: Threat Event Log in ePO 4.5 not logging

Did the name of the server also change? How did you "migrate" ePO to another server with differnt IP address? Provide the steps you took.

Highlighted
Isagel
Level 7
Report Inappropriate Content
Message 3 of 6

Re: Threat Event Log in ePO 4.5 not logging

Actually sorry, correction - IP stayed the same but server name changed.  I followed the steps in KB51438:

Backed up ePO DB, extensions, conf/catalina, keystores directories

Backed up Key-Store pairs

Backed up SQL DB

Installed a new copy of ePO on the new server, same patch level & directory

Attached DB to SQL express on the same server as ePO

Restored contents of the backed up directories

Restored backed up key pairs

Generated new certificates because host name changed

Re: Threat Event Log in ePO 4.5 not logging

Are the ports same on your old server as they are on your new server?

Are the agents even communicating with your new server at all? or only failing to send threat events?

Do you see any managed nodes in your new ePO server at all?

Can you please describe the problem in a bit more detail?

Isagel
Level 7
Report Inappropriate Content
Message 5 of 6

Re: Threat Event Log in ePO 4.5 not logging

I actually migrated to the new ePO server months ago and only just noticed the threat event logs were empty since the day of the migration.  The agents are only failing to send threat events to ePO.  All the agents are communicating with ePO though.  All ports are the same on the new server as they were on the old.

I will investigate this more on my own.  Thanks.

McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Threat Event Log in ePO 4.5 not logging

I'm guessing the primary event source will be VirusScan?  Possibly an obvious one, but make sure you have checked in the latest reporting extension for VirusScan - it's the reporting extension that allows ePO to understand the events coming from the point products.

HTH -

Joe

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community