McAfee HISCDE-AB-IA Product Guide - Page 142
Appendix B - Troubleshooting
Host IPS logs

• Windows XP, Windows 2003 - C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention
• Windows Vista, Windows 2008, Windows 7 - C:\ProgramData\McAfee\Host Intrusion Prevention

How do I enable logging?

You can set Host IPS logging with the Host IPS client console or with the Host IPS Client UI Policy from the ePolicy Orchestrator console.

To enable logging from the client:

1 From the tray icon, open the Host IPS console. Unlock the user interface with an administrator or time-based password.
2 Select Help | Troubleshooting.
3 Select the required logging settings:
  • Debug - logs all messages.
  • Information - logs Information, Warning, and Error messages.
  • Warning - logs Warning and Error messages.
  • Error - logs Error messages.
  • Disabled - logs no messages.

Firewall and IPS logging are controlled independently. These logging settings remain in effect until the client console is locked and a subsequent policy enforcement occurs.

NOTE: Logging can also be set locally by adding the DWORD 'debug_enabled' value in the HKLM\Software\McAfee\HIP registry key. A value of decimal 1 turns on verbose debug logging. The use of the local registry key to enable debug logging overrides any policy set using ePolicy Orchestrator.

To enable logging from ePolicy Orchestrator:

1 Under Host IPS: General, edit the Client UI policy that is to be applied to a client.
2 Click the Troubleshooting tab.
3 Select the required logging settings:
  • Debug - logs all messages.
  • Information - logs Information, Warning, and Error messages.
  • Warning - logs Warning and Error messages.
  • Error - logs Error messages.
  • Disabled - logs no messages.

Firewall and IPS logging are controlled independently. These logging settings are applied at the next policy enforcement.

Which log files are associated with the Host IPS component?

The primary log file for the Host IPS component is HipShield.log.
This log file grows to 128 MB and rotates with 1 backup. Log file rotation is controlled by the DWORD entries log_rotate_size_kb and log_rotate_count in the HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HIP registry key. The log_rotate_count key determines the number of backup log files to preserve, and the DWORD entry log_rotate_size_kb is the approximate size in KB of a backup log file, where 0 means log rotation is disabled.

142 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
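The following PowerShell function is an added example, not part of the McAfee guide: it reads the registry values named above and reports whether a local debug override (which takes precedence over ePolicy Orchestrator policy) or disabled log rotation is in effect on a client. The function name and output field names are hypothetical; the registry key, value names, log file name and Vista-and-later log directory are the ones given on this page.

```powershell
# Added example: audit the local Host IPS logging settings described in the guide.
# Get-HipLoggingState and its output field names are hypothetical.
function Get-HipLoggingState {
    param(
        # Registry key named in the guide; parameterised so a test key can be used.
        [string]$KeyPath = 'HKLM:\SOFTWARE\McAfee\HIP',
        # Windows Vista/2008/7 log directory from the guide. On XP/2003 pass the
        # "Documents and Settings\All Users\Application Data" path instead.
        [string]$LogDir = 'C:\ProgramData\McAfee\Host Intrusion Prevention'
    )

    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if (-not $props) {
        Write-Warning "Registry key not found or not readable: $KeyPath"
        return
    }

    # A value that was never created locally comes back as $null.
    $debug  = $props.debug_enabled
    $sizeKb = $props.log_rotate_size_kb
    $count  = $props.log_rotate_count

    # Current size of the primary log file, if it exists in the given directory.
    $log   = Join-Path $LogDir 'HipShield.log'
    $logKb = if (Test-Path -LiteralPath $log) {
        [math]::Round((Get-Item -LiteralPath $log).Length / 1KB)
    } else { $null }

    if ($debug -eq 1) {
        Write-Warning 'debug_enabled = 1: verbose debug logging is on and overrides ePolicy Orchestrator policy.'
    }
    if ($sizeKb -eq 0) {
        Write-Warning 'log_rotate_size_kb = 0: log rotation is disabled.'
    }

    [pscustomobject]@{
        DebugEnabledValue  = $debug            # raw DWORD, or $null if absent
        LocalDebugOverride = ($debug -eq 1)    # decimal 1 turns on verbose debug logging
        RotateSizeKb       = $sizeKb           # approximate size in KB of a backup log file
        RotateCount        = $count            # number of backup log files to preserve
        RotationDisabled   = ($sizeKb -eq 0)   # 0 means rotation is disabled
        HipShieldLogKb     = $logKb            # current HipShield.log size, or $null
    }
}

Get-HipLoggingState | Format-List
```

A `$null` in `DebugEnabledValue`, `RotateSizeKb` or `RotateCount` means the value has not been created under the key, so no local setting of that kind is present.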