5 Replies Latest reply on Jul 24, 2012 3:26 AM by JoeBidgood

    Threat Event Log in ePO 4.5 not logging

    Isagel

      I just noticed that none of our machines managed by ePO are sending back any threat event info.  Thoughts on why or where the problem might be?

       

      Looks like it started when I migrated ePO to another server with a different IP.

        • 1. Re: Threat Event Log in ePO 4.5 not logging

          Did the name of the server also change? How did you "migrate" ePO to another server with a different IP address? Provide the steps you took.

          • 2. Re: Threat Event Log in ePO 4.5 not logging
            Isagel

            Actually sorry, correction - IP stayed the same but server name changed.  I followed the steps in KB51438:

             

            Backed up ePO DB, extensions, conf/catalina, keystores directories

            Backed up Key-Store pairs

            Backed up SQL DB

             

            Installed a new copy of ePO on the new server, same patch level & directory

            Attached DB to SQL express on the same server as ePO

            Restored contents of the backed up directories

            Restored backed up key pairs

            Generated new certificates because host name changed

            • 3. Re: Threat Event Log in ePO 4.5 not logging

              Are the ports the same on your old server as they are on your new server?

               

              Are the agents even communicating with your new server at all? or only failing to send threat events?

               

              Do you see any managed nodes in your new ePO server at all?

               

              Can you please describe the problem in a bit more detail?

              • 4. Re: Threat Event Log in ePO 4.5 not logging
                Isagel

                I actually migrated to the new ePO server months ago and only just noticed the threat event logs were empty since the day of the migration.  The agents are only failing to send threat events to ePO.  All the agents are communicating with ePO though.  All ports are the same on the new server as they were on the old.

                 

                I will investigate this more on my own.  Thanks.

                • 5. Re: Threat Event Log in ePO 4.5 not logging
                  JoeBidgood

                  I'm guessing the primary event source will be VirusScan?  Possibly an obvious one, but make sure you have checked in the latest reporting extension for VirusScan - it's the reporting extension that allows ePO to understand the events coming from the point products.

                   

                  HTH -

                   

                  Joe