RSA Admin

McAfee Enterprise logging to Windows Application Log

Discussion created by RSA Admin Employee on Nov 12, 2009
Latest reply on Dec 2, 2009 by RSA Admin

We currently have McAfee configured to log to the Windows Application log. I can run reports by querying for McLogEvent as the Application source. However, the description for all events is "No description string found". I have all the event IDs and descriptions from the McAfee site. I can also build it as we go, since the Windows Application log also gives the description in the log entry (which may be better since we would only have to add the events being generated and not all 169 events listed on the McAfee site).

My thoughts are to add these to the existing Windows event XML. Has anyone done this? Are there any better ideas? This would be my first attempt at this, but I'm willing to give it a shot if no one has a better solution.
