2 Replies Latest reply on Feb 7, 2017 2:50 AM by syedali

    McAfee Logs Queries..

    luckm

      Hi All,

      I am new to McAfee ePO. Does anyone have some ideas on my concerns below?

       

      >>If tasks/policies are failing from the ePO server for a particular client, then where do we find the particular logs on the client machine?

       

      Tasks like:

      Product deployment (from ePO server).

      Manual product deployment (on client machine).

      Policy enforcement (server-client & client-server).

      Wakeup Agent (server-client & client-server).

      Client task (server-client).

      Manual Client task (client).

       

      >>Important troubleshooting logs on ePO server and client machine?

       

      >>In \Temp\McAfee Logs, there are lots of logs. Then how do we justify which logs are created for which event?

       

      ..

        • 2. Re: McAfee Logs Queries..
          syedali

          Forgot to mention

           

           

          Log descriptions

          McAfee Agent uses the following logs:

          • macmnsvc_<hostname>.log
            The macmnsvc.exe process hosts services including peer-to-peer, relay, SuperAgent, agent wake-up, and SuperAgent wake-up. The macmnsvc_<hostname>.log captures logging related to these functions. In addition, it captures the logging related to message bus broker and operations performed by message bus architecture based point products (for example, Threat Intelligence Exchange and Data Exchange Layer).
          • macompatsvc_<hostname>.log
            The macompatsvc.exe service is a compatibility service for masvc. This service is responsible for compatibility of the McAfee Agent with plugin and Local Procedure Call (LPC) based point products. The macompatsvc_<hostname>.log captures the operations performed on plugin and LPC based point products.
          • masvc_<hostname>.log
            The masvc.exe service is responsible for property collection, policy enforcement, task scheduling, agent-to-server communication, and trigger update sessions. The masvc_<hostname>.log captures logging related to these operations.
          • McScript.log (not new, carried over from McAfee Agent 4.x)
            When masvc.exe triggers an update, McScript.exe and McScript_InUser.exe are invoked and responsible for the updater (install/uninstall/update) session. The McScript.log captures details related to the update session, for example, the repository from which the file is downloaded, file download status, install/uninstall script execution, and update session status details.
          • marepomirror_<hostname>.log
            The marepomirror.exe process is responsible for repository mirroring. When the mirror task is invoked, marepomirror_<hostname>.log captures all operations related to mirroring.

          Log locations
          The logs are stored in the following locations:

          • Windows: C:\ProgramData\McAfee\Common Framework\logs
          • Non-Windows: /var/McAfee/agent/logs
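
An added example, not part of the reply above and not McAfee tooling: a small Python triage helper that groups the files in an agent log directory by the component names listed in the reply, so it is clear which log to open for a failing policy, task, wake-up or update. The function names are hypothetical, and treating `<hostname>` as a wildcard and matching names case-insensitively are assumptions.

```python
import re
import sys
from pathlib import Path

# Filename patterns and roles as listed in the reply above; "<hostname>" becomes a wildcard.
AGENT_LOGS = {
    "masvc": (r"masvc_.+\.log", "property collection, policy enforcement, task scheduling, "
                                "agent-to-server communication, update triggers"),
    "macmnsvc": (r"macmnsvc_.+\.log", "peer-to-peer, relay, SuperAgent, wake-up, message bus"),
    "macompatsvc": (r"macompatsvc_.+\.log", "plugin and LPC based point products"),
    "McScript": (r"McScript\.log", "update sessions (install/uninstall/update)"),
    "marepomirror": (r"marepomirror_.+\.log", "repository mirroring"),
}

def default_log_dir(platform=sys.platform):
    """Return the log directory quoted in the reply for this platform."""
    if platform.startswith("win"):
        return r"C:\ProgramData\McAfee\Common Framework\logs"
    return "/var/McAfee/agent/logs"

def classify_agent_logs(log_dir):
    """Group files in log_dir by agent component, newest first; unknown names go under None."""
    found = {}
    for path in Path(log_dir).iterdir():
        if not path.is_file():
            continue
        # Assumption: match case-insensitively, since Windows file names are not case-sensitive.
        component = next((name for name, (pattern, _) in AGENT_LOGS.items()
                          if re.fullmatch(pattern, path.name, re.IGNORECASE)), None)
        found.setdefault(component, []).append(path)
    for paths in found.values():
        paths.sort(key=lambda p: p.stat().st_mtime, reverse=True)
    return found

def triage_report(log_dir):
    """One line per known component: its role and the matching files, or 'not present'."""
    found = classify_agent_logs(log_dir)
    lines = []
    for name, (_, role) in AGENT_LOGS.items():
        files = ", ".join(p.name for p in found.get(name, [])) or "not present"
        lines.append(f"{name}: {files} [{role}]")
    return lines

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else default_log_dir()
    print("\n".join(triage_report(target)))
```

Run it with a directory argument to inspect a copied log folder, or with no argument to use the platform default from the reply.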