3 Replies Latest reply on Jun 25, 2015 4:17 AM by zlob

    McAfee SIEM Collector Agent - EVT file read

    pamuk.peter

      Hi,

       

      I found this configuration option in the agent menu, but I can't make it work properly. In theory this reads logs directly from the .evt file, not from the Windows eventing API. But I get this message in debug mode:

       

      <131>1 febr. 18 14:43:43 10.35.176.155 McAfeeEventCollector: ERROR 1 GetData Failed to load bookmark: Could not find a part of the path 'C:\Windows\System32\winevt\Logs'.

         at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

         at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)

         at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)

         at McAfee.EventCollector.WindowsEVTPlugin.Plugin.GetData(Nullable`1& eventData)

       

       

      I'm using domain admin credentials.

       


       

      Thank you,

      Peter