Has 5.0.1 compatibility been fixed? We're looking at also installing CSR, but if McAfee isn't going to fix it for 5.0.x, then we'll just plan to move ePO to 5.1.
Sorry agentdr8, McAfee wasn't forthcoming with an answer and I couldn't wait so I'm using Web Reporter.
I implemented access log process by:
- editing the access log header to write the log file header in a form compatible with current v6 logs, appending field headers "RuleSetName" and "RuleName".
- setting User-Defined.RuleSetName=RuleSetName in applicable rules and adding to the access log output.
- setting User-Defined.RuleName=RuleName in applicable rules and adding to the access log output.
- configuring applicable push and rotation settings for the access log.
- configuring the log source in Web Reporter. Make sure and configure the user-defined fields for the rule set & name.
- I wanted to preserve the rule set & name to assist in debugging.
- Using the user-defined variables is kind of a pain, but when a rule performs a stop cycle, the builtin variables may not reflect the correct rule set & name.
I think that's everything. It was educational but I was very disappointed by McAfee's handling of CSR in ePO 5.