2 Replies Latest reply on Feb 20, 2014 3:02 PM by msiemens

    Unable to install Content Security Reporter in ePO 5.0.1

    msiemens

      We're migrating from ePO v4.6 to v5.0.1. We're standing up new servers to do this. When I attempted to install the CSR extension in ePO, I receive a message that it's not compatible. Tech support and our McAfee rep confirm this.

       

      Really? What are ePO v5.x customers using for reporting?

       

      When I dug into it, I found that CSR compatibility is scheduled for Q4 2013. ePO 5.0.1 has been been RTW since March 25. I can't find anyone else mentioning this issue. Does anybody use CSR?

       

      I find this very frustrating.

        • 1. Re: Unable to install Content Security Reporter in ePO 5.0.1
          agentdr8

          Has 5.0.1 compatibility been fixed? We're looking at also installing CSR, but if McAfee isn't going to fix it for 5.0.x, then we'll just plan to move ePO to 5.1.

          • 2. Re: Unable to install Content Security Reporter in ePO 5.0.1
            msiemens

            Sorry agentdr8, McAfee wasn't forthcoming with an answer and I couldn't wait so I'm using Web Reporter.

             

            I implemented access log process by:

             

            1. editing the access log header to write the log file header in a form compatible with current v6 logs, appending field headers "RuleSetName" and "RuleName".
            2. setting User-Defined.RuleSetName=RuleSetName in applicable rules and adding to the access log output.
            3. setting User-Defined.RuleName=RuleName in applicable rules and adding to the access log output.
            4. configuring applicable push and rotation settings for the access log.
            5. configuring the log source in Web Reporter. Make sure and configure the user-defined fields for the rule set & name.

             

            note:

            1. I wanted to preserve the rule set & name to assist in debugging.
            2. Using the user-defined variables is kind of a pain, but when a rule performs a stop cycle, the builtin variables may not reflect the correct rule set & name.

             

             

            I think that's everything. It was educational but I was very disappointed by McAfee's handling of CSR in ePO 5.

             

             

            Mike

             

            Message was edited by: msiemens on 2/20/14 3:02:34 PM CST