5 Replies Latest reply on Jun 1, 2012 5:14 AM by nellicus

    Unable to receive ePO events ID 1118 - succesful dat update to agent

      I'm using a 3rd party SIEM to get events from ePO 4.5/4.6

       

      I have validated ePO that the system is generating events 1119 ok - these are visible on mssql with

       

      select distinct threatevtid from epoevents;

       

      but no events 1118 are there

       

      I have:

       

      -ticked the 'send all events' in ePO server settings under filter events tabs (for agents to send all the events to ePO);

      -tried uploading new DAT Update to ePO master repository and push it to agents;

      -set agents to send events with level >= informational;

      -reduced agent-to-server communication time;

      -tried manual send of events from a a managed host after pushing the new DAT;

       

      with no luck, update managed host agent is sending various events back to epo  - but not a single 1118 event.

       

      anyone has got a clue on what I'm missing?

       

      Thanks in advance