5 Replies Latest reply: Feb 14, 2013 10:27 AM by Kary Tankink

    Automated log generation for HIPS 8




      As a part of local IT second level, I am automating the collection of log files for several issues we are encountering.

      As I found, the logs located in "C:\ProgramData\McAfee\Host Intrusion Prevention" are not as detailed as we need them to be.

      Sometimes it is necessary to collect the detailed logs from the Host Intrusion Prevention.


      Until now we do the following by hand to collect the logs:

      - manage Features / HIPS

      --> toggle to the activity log and press "export"


      How can I automate that log export?



      Thanks and Best Regards

        • 1. Re: Automated log generation for HIPS 8
          Kary Tankink

          PD23014 - Host Intrusion Prevention 8.0 ClientControl.exe Utility Readme

          Exporting the Host IPS Activity Log to a text file.

          1. Open a command shell.

          2. Run clientcontrol.exe /export <path of export file>

          3. Copy the exported log file to another computer for collection, analysis, etc.

          • 2. Re: Automated log generation for HIPS 8

            Hello Kary,


            thank you for your suggestion.

            Both logs contain information about the HIPS; however, the way it is displayed is different.


            Here is one entry from the mcafeefirelog.txt from the desktop, manually exported:


            Time:     11.02.2013 08:42:34

            Event:     Traffic

            IP Address/User:

            Message:     Blocked Incoming UDP -  Source :  (17500)  Destination :  (17500)

            Matched Rule:     Block All Traffic


            And here is one exported with clientcontrol.exe:


            Time:             11.02.2013 09:08:43

            Event Type:         Traffic

            IP Address:

            Sniffer CAP:        

            Rule ID:        

            Protocol:         17

            Local IP Address:

            Local Port:         43440

            Remote IP Address:

            Remote Port:         50661

            Inbound:         True

            Permit:             False

            Process ID:         0


            Description:         Block All Traffic



            Unfortunately, the exported file is not as good to read as the manually exported one.

            Another issue I found is that the entries you gain are not the same.

            I could not find the same entries for the same time in both logs for that example I posted above.
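
An added example, not part of the thread and not McAfee code: Python that parses records in the ClientControl export layout quoted above and renders each as one line modelled on the manually exported log. It assumes every record starts with a "Time:" line and that "Description" corresponds to the manual log's "Matched Rule"; as the post notes, the two logs do not hold the same entries, so this only changes how the ClientControl records read.

```python
import re

# Constructed sample in the quoted export layout; IPs are placeholders (blank in the post).
SAMPLE_EXPORT = """\
Time:             11.02.2013 09:08:43
Event Type:         Traffic
IP Address:         192.0.2.10
Sniffer CAP:
Rule ID:
Protocol:         17
Local IP Address:   198.51.100.5
Local Port:         43440
Remote IP Address:  192.0.2.10
Remote Port:         50661
Inbound:         True
Permit:             False
Process ID:         0

Description:         Block All Traffic
"""

PROTOCOLS = {"1": "ICMP", "6": "TCP", "17": "UDP"}  # IANA protocol numbers
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_export(text):
    """Split the export into records; assumes each record starts with 'Time:'."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank line, or text that is not 'Key: value'
        key, value = m.groups()
        if key == "Time":
            records.append({})
        if records:
            records[-1][key] = value
    return records

def summarize(rec):
    """One line per record; 'Allowed' and 'Outgoing' are wording chosen here."""
    get = lambda k: rec.get(k, "")
    inbound = get("Inbound").lower() == "true"
    local = f'{get("Local IP Address")} ({get("Local Port")})'
    remote = f'{get("Remote IP Address")} ({get("Remote Port")})'
    src, dst = (remote, local) if inbound else (local, remote)  # assumed mapping
    proto = PROTOCOLS.get(get("Protocol"), get("Protocol") or "?")
    action = "Allowed" if get("Permit").lower() == "true" else "Blocked"
    direction = "Incoming" if inbound else "Outgoing"
    return (f'{get("Time")}  {action} {direction} {proto} - Source: {src} '
            f'Destination: {dst}  Matched Rule: {get("Description")}')
```

Feed parse_export() the text of the file written by clientcontrol.exe /export and print summarize() for each record.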





            • 3. Re: Automated log generation for HIPS 8
              Kary Tankink

              This is correct.  The McAfeeFireLog.txt (your first example; non-ClientControl log) has no automated export process; it must be manually exported by clicking on the EXPORT option in the Host IPS Client UI.

              • 4. Re: Automated log generation for HIPS 8

                Hello Kary,


                It would be great if such a feature could be implemented in the future; that could save me a lot of work.


                Thanks for your answer

                • 5. Re: Automated log generation for HIPS 8
                  Kary Tankink

                  Please submit a PER if you'd like to request functionality in a future product version.


                  KB60021 - Information about Product Enhancement Requests for McAfee products