Loading...

Knowledge Center


How to use the Threat Intelligence Exchange Server Minimum Escalation Requirements tool
Technical Articles ID:   KB82850
Last Modified:  8/19/2019
Rated:


Environment

McAfee Threat Intelligence Exchange (TIE) Server - all supported versions

McAfee Minimum Escalation Requirements (MER) tool 

Summary

Run the MER tool
To run the MER tool for the TIE Server, switch to the Root user and run the following command: 
 
mfe_tie_dxl_log_collector.sh
 
NOTE: This MER script is included in the appliance image.

The generated output is written in a directory according to the MER tool version. A message appears after the script execution.

Information about files collected by MER
The MER tool collects the following McAfee product data from the TIE Server so that the Technical Support engineer can analyze and resolve issues:
 
TIE Server Information and System Data Default Location Supported TIE Feature
TIE 3.0.0 TIE 2.3.x TIE 2.1.0
2.0.0
Daemon log included in MER /var/log/daemon.log Yes Yes No
Kernel log included in MER /var/log/kern.log Yes Yes No
DXL IPE logs /var/McAfee/dxlbroker/logs/ipe*.log Yes Yes No
Generated output is written to: /data/tieserver/mer/mfe_tie_dxl_.tgz Yes Yes Yes
Alternatively generation - Yes Yes Yes
TIE Server installation logs /tmp/*.log Yes Yes Yes
TIE Server installation logs/errors /tmp/*.err Yes Yes Yes
Error CP information /tmp/ERR* Yes Yes Yes
First boot and network setup information /tmp/LOG* Yes Yes Yes
McAfee Agent logs /var/McAfee/agent/logs/* Yes Yes No
McAfee Agent automated upgrade log /var/log/MFEcma* Yes No No
DXL Broker component log /var/McAfee/dxlbroker/logs/* Yes Yes Yes
DXL Broker Policy /var/McAfee/dxlbroker/policy/* Yes Yes Yes
TIE Server log /var/McAfee/tieserver/logs/*.* Yes Yes Yes
TIE Server policy /var/McAfee/tieserver/policy/* Yes Yes Yes
TIE Server replication auto recovery /var/log/replication-auto-recovery.log Yes Yes Yes
TIE/ PostgreSQL configuration files and stats /data/tieserver_pg/*.conf Yes Yes Yes
MAR Server configuration Files /opt/McAfee/marserver/conf* Yes No No
System Cron Info /var/log/cron* Yes Yes Yes
Sysstat information (ksar.txt) /var/log/sa/* Yes Yes Yes
Kernel message buffer /var/log/dmesg.old Yes No No
Environment Descriptor /etc/McAfee/environment.sh Yes No No
TIE/DXL API metrics (.csv) /var/McAfee/tieserver/monitoring Yes1 Yes1 Yes1
TIE Server traffic logs (.csv) /data/tieserver/traffic/* Yes1 Yes1 Yes1
FIPS Info /var/log/kern.log
/var/log/secure*.log
/var/log/messages*.log
Yes Yes Yes
Java security /opt/McAfee/tieserver/jre/lib/security/java.security Yes Yes Yes
System Java Process dump MLOS process Yes Yes Yes
 
1 Traffic logs generated for TIE Server are included in the MER output if the -t flag is included in the command execution. Example:
 
mfe_tie_dxl_log_collector.sh -t

Traffic logs generated by previous versions of TIE Server using the TIE Server log parsing script are not included in the MER output, regardless of the -t flag. This flag applies only to traffic logs generated by TIE Server after the DXL traffic logs are enabled through TIE Server Policy.

NOTE: The file is generated with root permissions. To move the file from Linux to a different system, such as Windows, you must use a tool such as WinSCP. You might receive a "permissions denied" error message.

To resolve permissions denied errors, run the following command on the Linux box before you run WinSCP:
 
chmod -R 777 <location of file>

Rate this document

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.