Has anyone been successful in getting McAfee ePO audit log information into Splunk? We are using DB Connect and are getting client events, but the audit logs (i.e., Deploying EE to 164 computers, Moved 3 systems, etc) are in a different table. I have the DB schema, but I'm not finding the ePO event info and it appears that there may be several table joins and lookups to get the information into one screen.
Thanks for any info you can provide.
Tim
The table is called EPOProductEventsMT. Using the data in this table you can write alerts when epo changes are deployed.
Does that mean I have to use DBConnect to obtain this information?
I am also looking to accomplish this. Is there any update?
Did you got any solution to this...even i am facing the same issue.