Splunk DB Connect: How to get McAfee ePO audit logs into Splunk?

Path Finder

Has anyone been successful in getting McAfee ePO audit log information into Splunk? We are using DB Connect and are getting client events, but the audit logs (i.e., Deploying EE to 164 computers, Moved 3 systems, etc.) are in a different table. I have the DB schema, but I'm not finding the ePO event info, and it appears that there may be several table joins and lookups to get the information into one screen.

Thanks for any info you can provide.

Tim

0 Karma

Path Finder

The table is called EPOProductEventsMT. Using the data in this table, you can write alerts when ePO changes are deployed.

0 Karma

New Member

Does that mean I have to use DBConnect to obtain this information?

0 Karma

Path Finder

I am also looking to accomplish this. Is there any update?

0 Karma

New Member

Did you get any solution to this? Even I am facing the same issue.

0 Karma