5 Replies Latest reply on Jan 3, 2014 5:14 AM by siddarth_t

    ELM Raw Logs Configuration

    vipinh

      Hi,

      I have installed McAfee SIEM 9.2.1 on VM - MFE Ent Sec Mgr, Ent Log Mgr and Event Receiver VM Unlimited from McAfee Grant Number. I have configured multiple data sources on it, but I am not able to see raw logs for any device. Do we need to make some settings to see raw data for a device? If yes, then how?

      Regards

      Vipin Hooda

        • 1. Re: ELM Raw Logs Configuration
          Peter M

          Moved to SIEM for better support.

          • 2. Re: ELM Raw Logs Configuration
            vipinh

            Hi,

            Thanks for the reply. If you have knowledge then share, or let someone who can help me with the same.


            Regards

            Vipin Hooda

            • 3. Re: ELM Raw Logs Configuration
              Peter M

              I merely moved it to where it will be noticed better.  Someone will be along soon hopefully.

              • 4. Re: ELM Raw Logs Configuration
                dcobes

                You need to set up storage pools on your Log Manager. Once you have the storage pools set up, you need to assign the specific data sources (if they are groups in a tree you can only assign a storage pool to the top level) to a storage pool.

                This can be done by selecting your Log Manager properties and then Storage Pools. To assign the data source to a storage pool, you can select the receiver properties > Data Sources > Locate the data source(s) you wish to log, then click the checkbox in the Logging column. This will bring up the storage pool choices to select from.

                Here are a couple of screenshots to help

                storage001.png

                storage002.png

                Hope that helps!

                -d

                Message was edited by: dcobes on 8/21/13 1:38:59 PM CDT
                • 5. Re: ELM Raw Logs Configuration
                  siddarth_t

                  Hi,

                  I see that you have configured 2 storage devices, out of which one contains the management database. In order to add storage pools, we need to have the management database on the storage device.

                  But, are you able to create storage pools from the other storage device (which does not have the mgmt db) with the mgmt db on the other storage db?

                  Regards,

                  Siddarth