cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution
Even though Endpoint Security Platform and Threat Prevention as well as Solidcore are installed on the endpoint, the "Products" selection menu only lists the McAfee Agent.
1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 9

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

Ok, good.  If you wan to open a ticket with McAfee on that to fix that, we can get it to dev, but I first should inform you that the later versions of 5.6 and newer going forward will have remote access to all logs disabled to resolve a vulnerability.  You might want to consider that when changing those permissions.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

8 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

First thing, I would check if product extensions like ENS/solidcore installed in ePO and in Running state. If yes then we would check MA logs (p and masvc.log) to understand the cause for property collection failure.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 3 of 9

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

What version of the agent?  The masvc, macompatsvc and macmnsvc log (in c:\programdata\mcafee\agent\logs on the client) would show some errors with the agent communicating with the point products.  If you are running an older version of the agent, you might want to try upgrading it, or reinstalling the agent with a forceinstall.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

Digging a bit deeper, the problem seems to be at least partially related to log file ownership & permissions. For a Linux endpoint, I'm able to view the macmnsvc<hostname>.log from the browser. I can't view the other agent logs. The logging shows 4 of 6 http connections made, but 2 of 6 with the 403 Forbidden message. Furthermore, while logged into the endpoint I see the macmnsvc is owned by mfe:mfe, while the other log files (which can't be viewed via http) are owned by root:root and permissions are -rw-r----- (ie no read permissions if not root or in the root group). Also both isecespd.log and isectpd.log (ENS platform & threat prevention) are root:root and -rw------- (read/write for root only).

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 5 of 9

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

What agent version, exact build, are you running?  Can you view the logs in the physical file location on the system?  Are you trying to open those all only remotely? 

/var/McAfee/agent/logs

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

By the way, those permissions appear to be normal.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

After locally chmod'ing the log files to 644, I can view all the agent logs via http/browser.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 8 of 9

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

Ok, good.  If you wan to open a ticket with McAfee on that to fix that, we can get it to dev, but I first should inform you that the later versions of 5.6 and newer going forward will have remote access to all logs disabled to resolve a vulnerability.  You might want to consider that when changing those permissions.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Why can I not view McAfee Product logs (other than the agent) from ePO 5.9.1?

Jump to solution

Agent version is 5.5.1.342. Yes, I can view the logs locally (ie while logged into the endpoint host).

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator