1. Is there a way to increase the buffer size of the traffic logging section?
In the Host IPS General Client UI policy, Troubleshooting tab, increase the Activity Log size (MB) value.
2. Is there a way to turn on logging for just "log all allowed" traffic?
In the Host IPS Client UI, Activity Log, enable the Log All Allowed option only. This cannot be controlled via ePO policy.
3. Is there a way to read or add additional information to the event.log file?
The event.log file is only meant to be read by the Host IPS Client UI, which translates it into the Activity Log. The Activity Log can be exported to the McAfeeFireLog.txt file (which is the exported readable format of the event.log file) when you click the Save option in the Client UI.
Thanks a lot, Kary.
May I know where I can get Firewall event logs in ePO queries? My HIPS client shows many Traffic logs, but I'm unable to find those from the ePO console.
Host IPS Firewall events (ALLOWED/BLOCKED) are not sent to ePO. They reside only in the local HIPS Activity log in the Client UI.
But it has to be centralized, as we can't visit each system to get logs. It will be a time-consuming job.
Is there no other way to centralize?