1. Sophos integration usually works fine when you are using the default settings for the sophos DB.
what i would suggest is:
- Check the port used by the SQL server dynamic/Static --> use the default 1433
- check the DB name as if it's not the default it will fails as the query is hardcoded
The is a KB from McAfee the gives details how to use custom setting for the SQL query that is performed:
2. I never had issues with Missing NTP servers.
- the time will never change on the ESM as it is using UTC and it's not affected by daylight saving changes.
- i could suggest you to use pool.ntp.org as i had some issues with Windows NTP and Linux systems.
Hope this helps
Thank you so much for your help. To add up some information
1. I forgot to tell that I already tried the KB74839 but still it doesn't solve the problem. There is no sqlcollector.pl on the path /usr/local/bin. The port that we are using is the default port 1433 and default database name which is SOPHOS52. We also verified the port, database name and the instance of the Sophos database settings using SQLStudioExpress.
i would say that the best will be to check the logs on the SQL servers as it might be refusing the connections.
If you are using the latest ESM it already has all of the dialogs withing the datasourse config.
what is the message that you see within /var/log/messages on the receiver.
Also check the event logs on the Windows hosting the sophos db and also the sql logs.
Just to be sure have you tried ping, Telnet on port 1433 against the sql from the receiver.