This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
VishamRawat
Beginner
Beginner
‎2019-05-08 08:36 AM

Not receiving logs from McAfee ePO 5.x

I'm trying to integrate McAfee ePO with RSA SA 10.6.4.1.

I've created the DSN with the DB and server name, and port number. Left the driver value as default.

I've also entered the ODBC username and password configuration parameters, and tested connection - successful.

 

However, I receive no logs from McAfee ePO. I looked up the /var/log/messages file, and I find the following warning -

NwLogCollector[24339]: [OdbcCollection] [warning] Invalid audit log format for:Test Connection Success!

 

I'm not sure what this means.

Need assistance.

Labels (1)
0 Likes
Reply
5 Replies
DaveGlover
Contributor Contributor
Contributor
‎2019-05-08 08:39 AM

McAfee EPO has many different modules in it.

 

Which module are you trying to collect from? AV? HIDS?

0 Likes
Reply
VishamRawat
Beginner
Beginner
In response to DaveGlover
‎2019-05-08 08:57 AM

Hi Dave,

 

The AV module. We're going for the system and virus logs.

0 Likes
Reply
SteveFink
New Contributor New Contributor
New Contributor
‎2019-05-08 10:30 AM

Hi Visham,

 

Please consider upgrading from 10.6.4.1 to a version of NetWitness 11.x the 10.6.x.x versions will be End of Life in October 2019. You must upgrade to a version of 10.6.6.x prior to upgrading to 11.3.

 

Here is some documentation pertaining to NetWitness 11.3 features and functionality:

 

v11.3 Release Notes

                https://community.rsa.com/docs/DOC-100363

 

NetWitness Known Issues (11.x)

                https://community.rsa.com/community/products/netwitness/documentation/known-issues

 

Introduction Blog Post (Marketing)

                https://community.rsa.com/community/products/netwitness/blog/2019/03/05/introducing-rsa-netwitness-p...

 

Physical Host Upgrade Checklist 10.6.6.x to 11.3

                https://community.rsa.com/docs/DOC-101413

 

Physical Host Upgrade Guide 10.6.6.x to 11.3

                https://community.rsa.com/docs/DOC-100385

 

Update Guide 11.x.x.x to 11.3

                https://community.rsa.com/docs/DOC-100381

 

Getting Started Guide

                https://community.rsa.com/docs/DOC-100377

 

NetWitness Respond User Guide

                https://community.rsa.com/docs/DOC-99944

 

NetWitness Investigate Quick Start Guide

                https://community.rsa.com/docs/DOC-101213

 

NetWitness UEBA Quick Start Guide

                https://community.rsa.com/docs/DOC-100550

 

NetWitness Endpoint Quick Start Guide

                https://community.rsa.com/docs/DOC-100167

 

Changes to ESA script outputs

                https://community.rsa.com/community/products/netwitness/blog/2019/04/12/113-changes-to-esa-script-ou...

 

Threat-Aware Authentication:

                https://community.rsa.com/community/products/netwitness/blog/2019/04/29/examining-threat-aware-authe...

 

Recovery Tool User Guide

                https://community.rsa.com/docs/DOC-101457

 

Kind regards,

 

Steve

0 Likes
Reply
DaveGlover
Contributor Contributor
Contributor
‎2019-05-08 10:41 AM

Have you followed the guide here?  https://community.rsa.com/docs/DOC-40219 

 

There are a couple of different options to pick depending on AV version

0 Likes
Reply
VishamRawat
Beginner
Beginner
In response to DaveGlover
‎2019-05-08 11:38 AM

Thanks Dave, it's working now! just took a while to manifest.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.