In some cases, McAfee technical support may request logs from us. They asked us for McAfee MAR (Active Response) and EPO server logs. Follow the steps below to collect the McAfee MAR (Active Response) and EPO server logs.
Getting logs from MAR server
To collect logs from the MAR server, we run the MER tool by executing the “mfe_tie_dxl_log_collector.sh” command as the root user on the MAR server.
mfe_tie_dxl_log_collector.sh
chmod -R 777 <location of file>
Note: The MER tool is available on the MAR server by default.
The MER tool collects the following McAfee product data. The "Supported TIE Feature" columns show support per TIE version.

| TIE Server Information and System Data | Default Location | TIE 3.x | TIE 2.3.x | TIE 2.2 |
|---|---|---|---|---|
| Daemon log included in MER | /var/log/daemon.log | Yes | Yes | No |
| Kernel log included in MER | /var/log/kern.log | Yes | Yes | No |
| DXL IPE logs | /var/McAfee/dxlbroker/logs/ipe*.log | Yes | Yes | No |
| Generated output is written to: | /data/tieserver/mer/mfe_tie_dxl_.tgz | Yes | Yes | Yes |
| Or generation | – | Yes | Yes | Yes |
| TIE Server installation logs | /tmp/*.log | Yes | Yes | Yes |
| TIE Server installation logs/errors | /tmp/*.err | Yes | Yes | Yes |
| Error CP information | /tmp/ERR* | Yes | Yes | Yes |
| First boot and network setup information | /tmp/LOG* | Yes | Yes | Yes |
| McAfee Agent logs | /var/McAfee/agent/logs/* | Yes | Yes | No |
| McAfee Agent automated upgrade log | /var/log/MFEcma* | Yes | No | No |
| DXL Broker component log | /var/McAfee/dxlbroker/logs/* | Yes | Yes | Yes |
| DXL Broker Policy | /var/McAfee/dxlbroker/policy/* | Yes | Yes | Yes |
| TIE Server log | /var/McAfee/tieserver/logs/*.* | Yes | Yes | Yes |
| TIE Server policy | /var/McAfee/tieserver/policy/* | Yes | Yes | Yes |
| TIE Server replication auto recovery | /var/log/replication-auto-recovery.log | Yes | Yes | Yes |
| TIE/ PostgreSQL configuration files and stats | /data/tieserver_pg/*.conf | Yes | Yes | Yes |
| MAR Server configuration Files | /opt/McAfee/marserver/conf* | Yes | No | No |
| System Cron Info | /var/log/cron* | Yes | Yes | Yes |
| Sysstat Information (ksar.txt) | /var/log/sa/* | Yes | Yes | Yes |
| Kernel message buffer | /var/log/dmesg.old | Yes | No | No |
| Environment Descriptor | /etc/McAfee/environment.sh | Yes | No | No |
| TIE/DXL API metrics (.csv) | /var/McAfee/tieserver/monitoring | Yes1 | Yes1 | Yes1 |
| TIE Server traffic logs (.csv) | /data/tieserver/traffic/* | Yes1 | Yes1 | Yes1 |
| FIPS Info | /var/log/kern.log /var/log/secure*.log /var/log/messages*.log | Yes | Yes | Yes |
| Java security | /opt/McAfee/tieserver/jre/lib/security/java.security | Yes | Yes | Yes |
| System Java Process dump | MLOS process | Yes | Yes | Yes |
After running the commands above, you can download the generated file with WinSCP.
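The MER archive carries policies, configuration files and agent logs, and `chmod -R 777` grants every local account read and write permission on them. As an added example (not from the original post or from McAfee), the script below stages a copy that only one transfer account can read and records its SHA-256; the function names, the staging directory and the optional owner argument are assumptions.

```shell
#!/bin/sh
# Added example: not part of the MER tool or of McAfee's documentation.
# Function names, the staging directory and the transfer account are assumptions.

# stage_mer_bundle ARCHIVE DEST_DIR [OWNER]
# Copies the MER archive into a new private staging directory, writes a
# SHA-256 file beside it and prints the staged path. The body runs in a
# subshell so the umask change and the variables do not leak into the caller.
stage_mer_bundle() (
    archive=$1; dest=$2; owner=${3:-}
    [ -f "$archive" ] || { echo "not a file: $archive" >&2; exit 1; }
    # Reject a truncated or corrupt bundle before it is sent to support.
    tar -tzf "$archive" >/dev/null 2>&1 ||
        { echo "unreadable archive: $archive" >&2; exit 2; }
    umask 077                    # nothing is created group/world accessible
    name=$(basename "$archive")
    # DEST_DIR must not exist yet, so a shared directory is never re-moded.
    mkdir "$dest" || exit 3
    cp "$archive" "$dest/$name" || exit 3
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || exit 4
    # Owner and group may read; "other" gets no access at all.
    chmod 0750 "$dest" || exit 5
    chmod 0640 "$dest/$name" "$dest/$name.sha256" || exit 5
    if [ -n "$owner" ]; then
        # Needs root: hand the staged copy to the account used for the download.
        chown "$owner" "$dest" "$dest/$name" "$dest/$name.sha256" || exit 6
    fi
    printf '%s\n' "$dest/$name"
)

# world_accessible DIR
# Lists entries under DIR that grant any permission to "other", which is
# what a recursive chmod 777 leaves behind.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}
```

Run `world_accessible` on the original output location after the transfer to confirm nothing was left open, and send the `.sha256` file along with the archive so support can verify it arrived intact.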
Getting logs from McAfee EPO server
After downloading the MER tool from the link below, run it on the EPO server. Log collection will take some time. Then save the collected logs somewhere.
https://support.mcafee.com/webcenter/portal/supportportal/pages_tools/toolsePOMER
First, we run the MER tool that we downloaded as follows.
On the screen that comes up, we continue as follows.
It will take some time to collect the logs after pressing the start button.
Finally, after the log collection is finished, save it to the desktop as follows.