We are trying to figure out different HA solutions for McAfee HDLP. Main focus is that ePO can be destroyed, but no events must be lost. One idea that came up was to use a SIEM agent to forward HDLP events from a flat file to clustered SIEM server.
Can McAfee HDLP logs events to a file? I know it writes all kinds of logs to files, but I cannot find any events in those files.
If that is not possible we have to buy more servers so we can get at least the ePO database into a MS cluster. Maybe even the ePO too, but the ePO cluster installation guide says the DB and ePO cluster cannot be on the same cluster. This means more physical servers might not be able to afford