1 Reply Latest reply on Oct 2, 2014 5:31 AM by vinaya_k

    Need to monitor installation software activity on WMI datasource


      Hi Everybody,


      I'm using ESM 9.4, and I have an issue with a Windows event rule, as described below.


      I need to monitor and query events for software installation activity on a Windows server.

      But the ESM WMI datasource rule shows only the subject; it does not show the name of the software in the detail/custom type field.


      I tried to customize the Windows Event rule, but the rule cannot be modified. I think ESM can edit only ASP rules.


      Please see the details.


      The packet from Windows WMI shows the Software Product and Version.




      But ESM does not parse the Software Product and Version into an ESM field.









        • 1. Re: Need to monitor installation software activity on WMI datasource

          Hi Suopas,


          McAfee by default parses all WMI security logs, and it just collects application and system logs, parsing minimal information. We had the same situation when we had a log for a document being printed but the name of the document was not being parsed. Finally, we raised a PER (Product Enhancement Request) with McAfee to sort out the issue.


          The reason you need to raise a PER is that WMI parsers are code-based parsers, unlike syslog, where you can write your own RegEx to parse the events.