3 Replies Latest reply on Mar 7, 2014 3:56 PM by djjava9

    ePO Server Log Location/ Log Forwarding

    jakeman21co

      Hello,

      I am running on McAfee ePO 4.6.4. I am trying to forward all of my logs to QRadar, which is serving as my event manager. Per the QRadar instruction I have set up a JDBC pull of the ePO logs as well as an SNMP push by McAfee ePO. I am seeing logs from my agents; for example: "Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder".

      The issue I am having is that I don't seem to be receiving the logs contained in the ePO Audit Log. So I am not seeing User logins, Admin logins, failed logins etc. I see these events in the ePO Audit Log (found by navigating to Menu | User Management | Audit Log).

      Are these logs being stored in another place? Is there a way to forward them through ePO itself?

      If not, I can forward them using a product like Adaptive Log Exporter (ALE), but I would need to have a file location with a Log file to forward.