Not receiving logs from McAfee ePO 5.x
I'm trying to integrate McAfee ePO with RSA SA 10.6.4.1.
I've created the DSN with the DB and server name, and port number. Left the driver value as default.
I've also entered the ODBC username and password configuration parameters, and tested connection - successful.
However, I receive no logs from McAfee ePO. I looked up the /var/log/messages file, and I find the following warning -
NwLogCollector: [OdbcCollection] [warning] Invalid audit log format for:Test Connection Success!
I'm not sure what this means.
- Community Thread
- Forum Thread
- NetWitness Orchestrator
- RSA NetWitness
- RSA NetWitness Orchestrator
- RSA NetWitness Platform
- rsa sa
Please consider upgrading from 10.6.4.1 to a version of NetWitness 11.x the 10.6.x.x versions will be End of Life in October 2019. You must upgrade to a version of 10.6.6.x prior to upgrading to 11.3.
Here is some documentation pertaining to NetWitness 11.3 features and functionality:
v11.3 Release Notes
NetWitness Known Issues (11.x)
Introduction Blog Post (Marketing)
Physical Host Upgrade Checklist 10.6.6.x to 11.3
Physical Host Upgrade Guide 10.6.6.x to 11.3
Update Guide 11.x.x.x to 11.3
Getting Started Guide
NetWitness Respond User Guide
NetWitness Investigate Quick Start Guide
NetWitness UEBA Quick Start Guide
NetWitness Endpoint Quick Start Guide
Changes to ESA script outputs
Recovery Tool User Guide