1 Reply Latest reply on Aug 26, 2014 7:55 AM by alexander_h

    SIEM Collector and McAfee Receiver configuration

    anticracker

      Hello,

      I want to get IIS logs from my Windows Server.

      Please post only if you have real experience in this field.

       

      I have installed and configured the SIEM Collector. I have added a data source in SIEM, but I am not receiving logs from the data source.

      Both SIEM and Data Source (MS Windows Server) are in the same LAN.

       

      P.S. For this server I have 2 data sources in SIEM: 1) MS Message Tracking, 2) for WMI logs. Both are working and getting logs. I have a problem only with IIS when using the SIEM Collector.

       

      Attachments: SIEM1.png, SIEM2.png, siem4.png

        • 1. Re: SIEM Collector and McAfee Receiver configuration
          alexander_h

          Hi John,

           

          Honestly, this is what I do every time and it works perfectly. The best thing would be to check that both the data source and the agent are not using encryption; from what I see, that is disabled on the ESM data source, but what about the agent?

          Another thing you can try, to see whether the logs are arriving:

           

          tcpdump host "yourhostip" and port 8081

           

          Another thing you can check is the agent log:

           

          C:\Program Files (x86)\McAfee\Windows Event Collector\debug.log