Has anyone been successful in getting McAfee ePO audit log information into Splunk? We are using DB Connect and are getting client events, but the audit logs (i.e., Deploying EE to 164 computers, Moved 3 systems, etc) are in a different table. I have the DB schema, but I'm not finding the ePO event info and it appears that there may be several table joins and lookups to get the information into one screen.
Thanks for any info you can provide.
Tim
↧