How to enable Host Intrusion Prevention 8.0 debug logging
Technical Article ID: KB72869
Last Modified: 3/20/2019

Environment
McAfee Host Intrusion Prevention (Host IPS) 8.0
Summary
Use the following information to enable Host IPS debug logging on Windows, Linux, and Solaris operating systems.

NOTE: Host IPS Debug logs are written to the following directories (depending on the operating system):

Contents:

Solution
Windows operating systems (Options 1 and 2)

Option 1 - Enable debug logging via an ePolicy Orchestrator (ePO) policy (recommended)

NOTE: If you want to duplicate your current Host IPS Client UI policy, modify the duplicate policy to enable Host IPS debug logging, then assign the duplicate policy to a single system.
32-bit: HKLM\Software\McAfee\HIP\Config\Settings\
64-bit: HKLM\Software\Wow6432Node\McAfee\HIP\Config\Settings\

"Client_LogLevelFw"=dword:00000001 (1)
"Client_LogLevelIps"=dword:00000004 (4)
"ClientUI_IpsLogViolations"=dword:00000001 (1)

NOTE: You can also enable debug logging via the local Client UI (without modifying the ePO policy) by following only Steps 10 and 11 above. Logging might be disabled automatically if you close or lock the Host IPS Client UI. McAfee recommends that you enable debug logging only via the policy while troubleshooting an issue, and then disable it when you are finished.

Option 2 - Enable Host IPS debug logging via the local registry using Regedit.exe

Restarting the Host IPS service is not required. See below for details, and also see KB51517 for additional debug options. The steps below are useful if debug logging is required to investigate Host IPS policy enforcement issues (for example, if debug logging is not correctly being enabled via policy).

CAUTION: This article contains information about opening or modifying the registry.
32-bit: HKLM\Software\McAfee\HIP\
64-bit: HKLM\Software\Wow6432Node\McAfee\HIP\

A value of decimal 1 turns on verbose debug logging.
A value of decimal 0 disables logging.
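
To confirm on a client whether the Option 1 policy settings are present, and later that they have been reverted, the following read-only PowerShell check reads the three values listed under Option 1 from both registry locations. It is an added example, not part of the McAfee article. It assumes the listed data (1, 4, 1) is what the registry holds while policy-driven debug logging is on, and the function name `Get-HipLogSetting` is hypothetical.

```powershell
# Added example: report the Host IPS logging values named in this article.
# Assumption: the listed data (1, 4, 1) is what the registry holds while
# policy-driven debug logging is on; the article lists it without explanation.
$expected = [ordered]@{
    Client_LogLevelFw         = 1
    Client_LogLevelIps        = 4
    ClientUI_IpsLogViolations = 1
}

# 32-bit and 64-bit locations exactly as given in the article.
$paths = @(
    'HKLM:\Software\McAfee\HIP\Config\Settings',
    'HKLM:\Software\Wow6432Node\McAfee\HIP\Config\Settings'
)

function Get-HipLogSetting {
    param(
        [string[]]$Path,
        [System.Collections.IDictionary]$Expected
    )

    foreach ($p in $Path) {
        # Only one of the two locations normally exists on a given system.
        if (-not (Test-Path -LiteralPath $p)) { continue }

        $props = Get-ItemProperty -LiteralPath $p
        foreach ($name in $Expected.Keys) {
            # $prop is $null when the value has never been written.
            $prop = $props.PSObject.Properties[$name]
            [pscustomobject]@{
                Key     = $p
                Value   = $name
                Actual  = if ($prop) { $prop.Value } else { $null }
                Listed  = $Expected[$name]
                Matches = ($null -ne $prop) -and ($prop.Value -eq $Expected[$name])
            }
        }
    }
}

# Read-only: nothing is written to the registry.
$result = @(Get-HipLogSetting -Path $paths -Expected $expected)
if ($result.Count -eq 0) {
    Write-Warning 'No Host IPS Settings key found at either location.'
} else {
    $result | Format-Table -AutoSize
}
```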
Solution
Linux/Solaris operating systems

NOTE: Host IPS for Linux debug logging must be modified via local commands shown below; debug logging cannot be enabled and disabled via ePO policy.