5 Replies Latest reply on Jun 1, 2012 5:14 AM by nellicus

    Unable to receive ePO events ID 1118 - succesful dat update to agent

      I'm using a 3rd party SIEM to get events from ePO 4.5/4.6


      I have validated ePO that the system is generating events 1119 ok - these are visible on mssql with


      select distinct threatevtid from epoevents;


      but no events 1118 are there


      I have:


      -ticked the 'send all events' in ePO server settings under filter events tabs (for agents to send all the events to ePO);

      -tried uploading new DAT Update to ePO master repository and push it to agents;

      -set agents to send events with level >= informational;

      -reduced agent-to-server communication time;

      -tried manual send of events from a a managed host after pushing the new DAT;


      with no luck, update managed host agent is sending various events back to epo  - but not a single 1118 event.


      anyone has got a clue on what I'm missing?


      Thanks in advance