Nitro…err McAfee Enterprise Security Manager

We purchased the Nitro Logging Appliance and fell in love with some of its features. Right as we purchased it, though, McAfee came in and purchased the company because it was a great product. While McAfee is all over the product now, it doesn’t seem to be lacking in features or functionality. I have found quite a few things that don’t really seem to be documented anywhere else, and I will start putting them into my blog. The first of these, in this post, will be common commands to run to find out what is going on with the appliance and to make sure that it is working.

Check that logs are coming in:
Single host:
tcpdump -nnXi eth0 host (ip of host) and port (syslog port) -s0

Subnet:
tcpdump -nnxi eth0 src net (subnet)/24 and port (syslog port) -s0

The logs won’t be human readable, but at least you can see that data is coming in.
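To read what is inside those packets, the hex that tcpdump prints can be turned back into syslog text. The following is an added example, not part of the original post or of McAfee's tooling; the sample capture, addresses and message are constructed, and the function names are hypothetical.

```python
import re
import socket

# Constructed sample: what `tcpdump -nnX ... -s0` prints for one UDP syslog
# packet (IP checksum zeroed; addresses and message are made up).
SAMPLE = """\
12:00:01.000000 IP 10.0.0.5.514 > 10.0.0.9.514: SYSLOG local0.info, length: 18
\t0x0000:  4500 002e 0000 4000 4011 0000 0a00 0005  E.....@.@.......
\t0x0010:  0a00 0009 0202 0202 001a 0000 3c31 3334  ............<134
\t0x0020:  3e61 7070 3a20 6c6f 6769 6e20 6f6b       >app:.login.ok
"""

HEX_LINE = re.compile(r"^\s*0x([0-9a-f]{4}):\s+((?:[0-9a-f]{4} )*(?:[0-9a-f]{4}|[0-9a-f]{2}))")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def packets(dump):
    """Yield each packet's raw bytes from tcpdump -x / -X text output."""
    buf = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue  # timestamp/header lines carry no hex
        if m.group(1) == "0000" and buf:  # offset 0 starts a new packet
            yield bytes(buf)
            buf = bytearray()
        buf += bytes.fromhex(m.group(2).replace(" ", ""))
    if buf:
        yield bytes(buf)

def syslog_messages(dump):
    """Return (source IP, facility, severity, text) per UDP syslog packet."""
    out = []
    for pkt in packets(dump):
        if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != 17:  # IPv4 + UDP only
            continue
        ihl = (pkt[0] & 0x0F) * 4  # IP header length in bytes
        udp_len = int.from_bytes(pkt[ihl + 4:ihl + 6], "big")
        payload = pkt[ihl + 8:ihl + udp_len]  # skip the 8-byte UDP header
        m = re.match(rb"<(\d{1,3})>(.*)", payload, re.S)
        if m:
            pri = int(m.group(1))  # PRI = facility * 8 + severity
            out.append((socket.inet_ntoa(pkt[12:16]), pri >> 3,
                        SEVERITIES[pri & 7], m.group(2).decode("utf-8", "replace")))
    return out

if __name__ == "__main__":
    for msg in syslog_messages(SAMPLE):
        print(msg)
```

Saved tcpdump output from either command above can be passed to `syslog_messages` as a string; it handles both the `-x` and `-X` layouts.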

Stop and start the services (this is case sensitive):
NitroStop –nod
NitroStart –nod

I will continue to put up posts and log important stuff here as time goes on.
