RSA enVision^® Discussions

BogdanSandu · ‎2012-06-29

we have a mcafee 4.6 epo configured in envision 4.0 sp3. It was detected correctly, but envision only pulls administrative logs, like user logging in to the console; not threat or virus logs. We've checked and the virus logs can be seen in the epo console. How come the virus logs are not pulled by envision. thanks Bogdan

RSAAdmin · ‎2012-06-29

Have you added the virus data source under "Manage ODBC Service"?

BogdanSandu · ‎2012-06-29

yes. Both system and virus odbc are added:

%NIC-6-605113: ODBC, ODBC, -, -, -, -, Detail: 2628: ePolicy_virus:envision:Events=0; Query=0.024 s; Execute=0.024 s; Fetch=0.000 s; Total=0.177 s; Eps=0.000; Rps=0.000

but the virus one only returns Events=0 after every connection.

RSAAdmin · ‎2012-06-29

Well, I can see from your output that it is making the connection fine.

Under E:\nic\csd\config\odbcs\<sitename>\

Should be a tracking file for your ePolicy_Virus collection. What's inside this file?

Also, what "Type" did you select for your ODBC definition within enVision?

BogdanSandu · ‎2012-06-29

in the .last file it's a date: for the virus one: 0 2012-06-28 16:08:49.727 for the system one: 0 2012-06-29 14:27:38.007 I've selected them as: ePolicyvirus4.5 and ePolicy4.5

RSAAdmin · ‎2012-06-29

Try changing your type for the Virus data source to "ePolicyVirus4.5AutoId".

You will have to remove/rename the existing last file with the old tracking data in; restarting the NIC ODBC Service re-creates this file with the new tracking info.

BogdanSandu · ‎2012-06-29

i've applied the changes. still Events=0.

RSAAdmin · ‎2012-06-29

What does the new tracking (.LAST) file contain now?

BogdanSandu · ‎2012-06-29

the system one: 0 2012-06-29 15:02:49.180 the virus one: 0 30

RSAAdmin · ‎2012-06-29

Change the 30 to 20 and save the file. Then see if collects 10 events.

RSA enVision® Discussions

mcafee epo 4.6 only pulling administrative logs not threat or virus ones

RSA enVision^® Discussions