McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 142

Product guide for use with ePolicy Orchestrator 4.5

Appendix B — Troubleshooting
Host IPS logs
• Windows XP, Windows 2003 — C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention
• Windows Vista, Windows 2008, Windows 7 — C:\ProgramData\McAfee\Host Intrusion Prevention
How do I enable logging?
You can set Host IPS logging with the Host IPS client console or with the Host IPS Client UI
Policy from the ePolicy Orchestrator console.
To enable logging from the client:
1. From the tray icon, open the Host IPS console. Unlock the user interface with an
administrator or time-based password.
2. Select Help | Troubleshooting.
3. Select the required logging settings:
• Debug — logs all messages.
• Information — logs Information, Warning, and Error messages.
• Warning — logs Warning and Error messages.
• Error — logs Error messages.
• Disabled — logs no messages.
Firewall and IPS logging are controlled independently. These logging settings remain in
effect until the client console is locked and a subsequent policy enforcement occurs.
NOTE:
Logging can also be set locally by adding the DWORD 'debug_enabled' value in the
HKLM\Software\McAfee\HIP registry key. A value of decimal 1 turns on verbose debug
logging. The use of the local registry key to enable debug logging overrides any policy set using
ePolicy Orchestrator.
To enable logging from ePolicy Orchestrator:
1. Under Host IPS: General, edit the Client UI policy that is to be applied to a client.
2. Click the Troubleshooting tab.
3. Select the required logging settings:
• Debug — logs all messages.
• Information — logs Information, Warning, and Error messages.
• Warning — logs Warning and Error messages.
• Error — logs Error messages.
• Disabled — logs no messages.
Firewall and IPS logging are controlled independently. These logging settings are applied
at the next policy enforcement.
Which log files are associated with the Host IPS component?
The primary log file for the Host IPS component is HipShield.log. This log file grows to 128
MB and rotates with 1 backup.
Log file rotation is controlled by the DWORD entries log_rotate_size_kb and
log_rotate_count in the HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HIP registry
key. The log_rotate_count entry determines the number of backup log files to preserve, and
the DWORD entry log_rotate_size_kb is the approximate size in KB of a backup log file,
where 0 means log rotation is disabled.
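The registry values named in the note on debug_enabled and in the rotation paragraph above can be read back on a client to confirm what is actually in effect. The following PowerShell is an added example, not part of the McAfee guide: the function names are hypothetical, it assumes PowerShell 3.0 or later, and it assumes that absent rotation values mean the 128 MB / 1 backup behaviour the guide states.

```powershell
# Added example: report the local Host IPS logging settings described in this section.
# Registry path and value names come from the guide; function names are hypothetical.
$HipKey = 'HKLM:\SOFTWARE\McAfee\HIP'

function Read-HipRegistryValues {
    $values = @{}
    if (Test-Path $HipKey) {
        $props = Get-ItemProperty -Path $HipKey
        foreach ($name in 'debug_enabled', 'log_rotate_size_kb', 'log_rotate_count') {
            if ($null -ne $props.$name) { $values[$name] = $props.$name }
        }
    }
    return $values
}

function Get-HipLoggingState {
    param([hashtable]$Values)  # value name -> data, so the logic can be fed constructed input

    # debug_enabled: decimal 1 turns on verbose debug logging and overrides ePO policy.
    $debugOverride = ($Values.ContainsKey('debug_enabled') -and [int]$Values['debug_enabled'] -eq 1)

    # Assumption: when the rotation values are absent, the behaviour stated in the guide
    # applies (HipShield.log grows to 128 MB and rotates with 1 backup).
    $sizeKb = if ($Values.ContainsKey('log_rotate_size_kb')) { [long]$Values['log_rotate_size_kb'] } else { 128 * 1024 }
    $count  = if ($Values.ContainsKey('log_rotate_count'))   { [int]$Values['log_rotate_count'] }   else { 1 }

    # log_rotate_size_kb = 0 means log rotation is disabled.
    $rotationEnabled = ($sizeKb -ne 0)

    [pscustomobject]@{
        DebugOverride   = $debugOverride
        RotationEnabled = $rotationEnabled
        RotateSizeKB    = $sizeKb
        BackupCount     = $count
        # Estimate only: live log plus backups, each taken as log_rotate_size_kb.
        ApproxMaxLogMB  = if ($rotationEnabled) { [math]::Round($sizeKb * ($count + 1) / 1024, 1) } else { $null }
    }
}

$state = Get-HipLoggingState -Values (Read-HipRegistryValues)
$state | Format-List
if ($state.DebugOverride) {
    Write-Warning 'debug_enabled=1 is set locally: verbose debug logging is on regardless of ePO policy.'
}
if (-not $state.RotationEnabled) {
    Write-Warning 'log_rotate_size_kb=0: log rotation is disabled.'
}
```

Because the local debug_enabled value overrides ePolicy Orchestrator policy, a client reporting DebugOverride as True will keep logging verbosely until the registry value is changed on that machine.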
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
