21st November 2024

How to Get McAfee MAR (Active Response) and EPO Server Logs?

McAfee technical support sometimes requests logs from us. In this case they asked for the McAfee MAR (Active Response) and EPO server logs. Follow the steps below to collect both.

Getting logs from MAR server

To collect logs from the MAR server, run the MER tool with the “mfe_tie_dxl_log_collector.sh” command as the root user on the MAR server.

mfe_tie_dxl_log_collector.sh
chmod -R 777 <location of file>

Note: The MER tool is available on the MAR server by default.

The MER tool collects the following McAfee product data.

| TIE Server Information and System Data | Default Location | Supported (TIE 3.x) | Supported (TIE 2.3.x) | Supported (TIE 2.2) |
|---|---|---|---|---|
| Daemon log included in MER | /var/log/daemon.log | Yes | Yes | No |
| Kernel log included in MER | /var/log/kern.log | Yes | Yes | No |
| DXL IPE logs | /var/McAfee/dxlbroker/logs/ipe*.log | Yes | Yes | No |
| Generated output is written to: | /data/tieserver/mer/mfe_tie_dxl_.tgz | Yes | Yes | Yes |
| Or generation | | Yes | Yes | Yes |
| TIE Server installation logs | /tmp/*.log | Yes | Yes | Yes |
| TIE Server installation logs/errors | /tmp/*.err | Yes | Yes | Yes |
| Error CP information | /tmp/ERR* | Yes | Yes | Yes |
| First boot and network setup information | /tmp/LOG* | Yes | Yes | Yes |
| McAfee Agent logs | /var/McAfee/agent/logs/* | Yes | Yes | No |
| McAfee Agent automated upgrade log | /var/log/MFEcma* | Yes | No | No |
| DXL Broker component log | /var/McAfee/dxlbroker/logs/* | Yes | Yes | Yes |
| DXL Broker Policy | /var/McAfee/dxlbroker/policy/* | Yes | Yes | Yes |
| TIE Server log | /var/McAfee/tieserver/logs/*.* | Yes | Yes | Yes |
| TIE Server policy | /var/McAfee/tieserver/policy/* | Yes | Yes | Yes |
| TIE Server replication auto recovery | /var/log/replication-auto-recovery.log | Yes | Yes | Yes |
| TIE/PostgreSQL configuration files and stats | /data/tieserver_pg/*.conf | Yes | Yes | Yes |
| MAR Server configuration files | /opt/McAfee/marserver/conf* | Yes | No | No |
| System Cron Info | /var/log/cron* | Yes | Yes | Yes |
| Sysstat Information (ksar.txt) | /var/log/sa/* | Yes | Yes | Yes |
| Kernel message buffer | /var/log/dmesg.old | Yes | No | No |
| Environment Descriptor | /etc/McAfee/environment.sh | Yes | No | No |
| TIE/DXL API metrics (.csv) | /var/McAfee/tieserver/monitoring | Yes¹ | Yes¹ | Yes¹ |
| TIE Server traffic logs (.csv) | /data/tieserver/traffic/* | Yes¹ | Yes¹ | Yes¹ |
| FIPS Info | /var/log/kern.log, /var/log/secure*.log, /var/log/messages*.log | Yes | Yes | Yes |
| Java security | /opt/McAfee/tieserver/jre/lib/security/java.security | Yes | Yes | Yes |
| System Java Process dump | MLOS process | Yes | Yes | Yes |

After the script has run, you can download the generated file with WinSCP as shown below.

WinSCP
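
A narrower alternative to the recursive chmod 777 step, as an added example that is not part of the original post or of McAfee's tooling: it copies only the generated archive into an owner-only staging directory for the WinSCP download and records a SHA-256 checksum. The function name, the staging directory and the optional transfer user are assumptions, as is the presence of GNU coreutils and tar on the server.

```shell
#!/bin/sh
# Added example (not from the original post or from McAfee tooling).
# Stages one MER archive for download with owner-only permissions,
# instead of opening its whole directory with chmod -R 777.
# Assumptions: tar, install and sha256sum are available on the server.

# stage_mer_bundle ARCHIVE DEST_DIR [TRANSFER_USER]
# Prints the staged path on success; returns non-zero on any failure.
stage_mer_bundle() {
    local archive="$1"
    local dest_dir="$2"
    local user="${3:-}"
    local name staged

    # Refuse symlinks and non-files so only the intended archive is copied.
    if [ -L "$archive" ] || [ ! -f "$archive" ]; then
        echo "not a regular file: $archive" >&2
        return 1
    fi
    # A truncated or still-growing archive fails the listing.
    if ! tar -tzf "$archive" >/dev/null 2>&1; then
        echo "not a readable .tgz: $archive" >&2
        return 2
    fi

    name=$(basename "$archive")
    staged="$dest_dir/$name"
    install -d -m 700 "$dest_dir" || return 3       # directory: owner only
    install -m 600 "$archive" "$staged" || return 3  # archive: owner read/write

    # The checksum travels with the archive so the receiver can verify it.
    ( cd "$dest_dir" && sha256sum "$name" > "$name.sha256" ) || return 4
    chmod 600 "$staged.sha256"

    # Hand the staging directory to the account used for the download, if given.
    if [ -n "$user" ]; then
        chown -R "$user" "$dest_dir" || return 5
    fi
    printf '%s\n' "$staged"
}
```

Point WinSCP at the staging directory rather than at the collector's output directory. According to the table above, the archive carries logs, policy and configuration files.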


Getting Logs from the McAfee EPO Server

After downloading the MER tool from the link below, run it on the EPO server. Log collection will take some time. Then save the collected logs somewhere.

https://support.mcafee.com/webcenter/portal/supportportal/pages_tools/toolsePOMER

Download MER tool

First, we run the downloaded MER tool as follows.

MER tool license

On the screen that comes up, we continue as follows.

Auto-Detect product

It will take some time to collect the logs after pressing the start button.

system information

Finally, after the log collection is finished, save it to the desktop as follows.

EPOMANAGEMENT1_0.tgz log

