4 Replies Latest reply on Feb 10, 2011 10:38 AM by JoeBidgood

    Event IDs



      I am new to McAfee ePO and have what I think is a simple question that someone can help me with.


      Basically I found this link of event IDs, https://kc.mcafee.com/corporate/index?page=content&id=KB54677, and I am curious about where these events are generated.  Are they generated in the ePO database or are they also sent to one of the Windows event logs?  If they are generated in the ePO DB, which table are they recorded in as I would like to monitor them from our central monitoring solution?


      Thanks in advance for any advice.

        • 1. Re: Event IDs

          You can set-up SNMP anyway within ePO (check the ePO Product Guide for more information)


          Open up ePO Console -> Menu -> Configuration -> Registered Servers, Click New Server and Select SNMP. Fill in the required information.


          The Agent sends the events to the server based on the events filtering rule from the server.


          Open up ePO Console -> Menu -> Configuration -> Server Settings -> Event Filtering


          Events are stored here [EPOEvents]





          1 of 1 people found this helpful
          • 2. Re: Event IDs

            Strictly speaking, these events are generated by the point product on the client machine (e.g. VirusScan.) They are passed back to the ePO server by the agent, and processed into the database by the eventparser service on the ePO server (or agent handler.) As Ian mentions, the majority of events are stored in the ePOEvents table: however some point products use their own event tables.


            HTH -



            1 of 1 people found this helpful
            • 3. Re: Event IDs

              Thanks for the feedback, that's great.  :-)


              Would you happen to know whether AV and GroupShield store their events in the ePOEvents table?

              • 4. Re: Event IDs

                Yep, both of those use the ePOevents table as far as I know.


                HTH -



                1 of 1 people found this helpful