How to enable Host Intrusion Prevention 8.0 debug logging
技術的な記事 ID:
KB72869
最終更新: 3/20/2019
最終更新: 3/20/2019
言語:
この記事は、次の言語で表示可能です:
GermanEnglish United States
Spanish Spain
French
Italian
Japanese
Portuguese Brasileiro
Chinese Simplified
How to enable Host Intrusion Prevention 8.0 debug logging
技術的な記事 ID:
KB72869
最終更新: 3/20/2019 環境McAfee Host Intrusion Prevention (Host IPS) 8.0
概要
Use the following information to enable Host IPS debug logging on Windows, Linux, and Solaris operating systems. NOTE: Host IPS Debug logs are written to the following directories (depending on the operating system):
Contents: 解決策
Windows operating systems (Options 1 and 2) Option 1 - Enable debug logging via an ePolicy Orchestrator (ePO) policy (recommended) NOTE: If you want to duplicate your current Host IPS Client UI policy, modify the duplicate policy to enable Host IPS debug logging, then assign the duplicate policy to a single system.
32-bit: HKLM\Software\McAfee\HIP\Config\Settings\
64-bit: HKLM\Software\Wow6432Node\McAfee\HIP\Config\Settings\ "Client_LogLevelFw"=dword:00000001 (1)
"Client_LogLevelIps"=dword:00000004 (4) "ClientUI_IpsLogViolations"=dword:00000001 (1) NOTE: You can also enable debug logging via the local Client UI (without modifying the ePO policy) by following only Steps 10 and 11 above. Logging might be disabled automatically if you close or lock the Host IPS Client UI. McAfee recommends that you enable debug logging only via the policy while troubleshooting an issue, and then disable it when you are finished. Back to Contents Option 2 - Enable Host IPS debug logging via the local registry using Regedit.exe Restarting the Host IPS service is not required. See below for details, and also see KB51517 for additional debug options. The steps below are useful if debug logging is required to investigate Host IPS policy enforcement issues (for example, if debug logging is not correctly being enabled via policy). CAUTION: This article contains information about opening or modifying the registry.
32-bit: HKLM\Software\McAfee\HIP\
64-bit: HKLM\Software\Wow6432Node\McAfee\HIP\ A value of decimal 1 turns on verbose debug logging.
A value of decimal 0 disables logging.
解決策
Linux/Solaris operating systems NOTE: Host IPS for Linux debug logging must be modified via local commands shown below; debug logging cannot be enabled and disabled via ePO policy.
Back to Contents 関連情報言語:この記事は、次の言語で表示可能です: GermanEnglish United States Spanish Spain French Italian Japanese Portuguese Brasileiro Chinese Simplified 技術用語集 |
|