1 Reply Latest reply on Aug 26, 2014 7:55 AM by alexander_h

    SIEM Collector and McAfee Receiver configuration



      I want to get IIS logs from my Windows Server.

      Please post only if you have real experience in this field.


      I have installed and configured the SIEM Collector. I have added a data source in SIEM, but I am not receiving logs from the Data Source.

      Both SIEM and Data Source (MS Windows Server) are in the same LAN.


      P.S. For this server I have 2 Data Sources in SIEM: 1) MS Message Tracking, 2) for WMI logs. Both are working and getting logs. I have a problem only with IIS when using the SIEM Collector.





        • 1. Re: SIEM Collector and McAfee Receiver configuration

          Hi John,


          Honestly, this is what I do every time and it works perfectly. The best thing would be to check that both the datasource and the agent are not using encryption; from what I see, it is disabled on the ESM datasource, but what about the agent?

          Another thing you can try, to see whether the logs are arriving:


          tcpdump host "yourhostip" and port 8081


          Another thing you can check is the agent log:


          C:\Program Files (x86)\McAfee\Windows Event Collector\debug.log