cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to receive ePO events ID 1118 - succesful dat update to agent

I'm using a 3rd party SIEM to get events from ePO 4.5/4.6

I have validated ePO that the system is generating events 1119 ok - these are visible on mssql with

select distinct threatevtid from epoevents;

but no events 1118 are there

I have:

-ticked the 'send all events' in ePO server settings under filter events tabs (for agents to send all the events to ePO);

-tried uploading new DAT Update to ePO master repository and push it to agents;

-set agents to send events with level >= informational;

-reduced agent-to-server communication time;

-tried manual send of events from a a managed host after pushing the new DAT;

with no luck, update managed host agent is sending various events back to epo  - but not a single 1118 event.

anyone has got a clue on what I'm missing?

Thanks in advance

5 Replies

Re: Unable to receive ePO events ID 1118 - succesful dat update to agent

anyone?

Re: Unable to receive ePO events ID 1118 - succesful dat update to agent

Try event ID 2401 instead.

Separately, turning off the event filter is a sure-fire way of losing free disk space on the Sql database. not advisable to leave it that way 

Rgds,

Rob.

Re: Unable to receive ePO events ID 1118 - succesful dat update to agent

thanks rackroyd,

do you have any idea in which table are 2401/2402 stored?

I believe this are 'server-side' events as opposed to clientside 1118-1119?

Regards

Message was edited by: nellicus on 01/06/12 04:22:40 CDT

Re: Unable to receive ePO events ID 1118 - succesful dat update to agent

The relationship between events & DB tables is not necessarily simple.

If you are looking to query the data directly from the Database you should open a support case with McAfee to discuss the options.

Kind Regards,

Rob.

Re: Unable to receive ePO events ID 1118 - succesful dat update to agent

far from my assumptions that relationship between tables is simple.

I'll get in touch soon with mcafee tier2.

Thanks

Regards

on 01/06/12 05:14:43 CDT