Nitro…err Mcafee Enterprise Security Manager

We purchased the Nitro Logging Appliance and fell in love with some of it’s features.  Right as we purchased it though Mcafee came in and purchased the company because it was a great product. While Mcafee is all over the product now it doesn’t seem to be lacking in features or functionality.  I have found quite a few things that don’t really seem to be documented anywhere else that I will start putting into my blog.  The first of which on this post will be common commands to run to find out what is going on with the appliance and to make sure that it is working.

Check that logs are coming in:
single host:
tcpdump -nnXi eth0 host (ip of host) and port (syslog port) -s0

Subnet:
tcpdump -nnxi eth0 src net (subnet)/24 and port (syslog port) -s0

The logs won’t be human readable but at least you can see that data is coming in.

Stop and start the Services(this is case sensitive):
NitroStop –nod
NitroStart –nod

I will continue to put up posts and log important stuff here as time goes on.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.