Layer 7 collection on an NSM device

Layer 7 data is populated in the NSM database after the NSM event is written to its database. It doesn't come into the system as part of the event.

To pull Layer 7 information from the NSM, you can delay when the event is pulled so that Layer 7 data is included. This delay applies to all NSM events, not only the ones with associated Layer 7 data.

You can set this delay when performing three different actions related to the NSM:

  • Adding a McAfee NSM device to the console
  • Configuring an NSM device
  • Adding an NSM data source

Adding a McAfee NSM device

When adding the NSM device to the ESM (see Add devices to the ESM console), select Enable Layer 7 Collection and set the delay on the fourth page of the Add Device Wizard.

Configuring an NSM device

After adding an NSM device to the ESM console, you can configure the connection settings for the device (see Change connection with ESM). You can select Enable Layer 7 Collection and set the delay on the Connection page.

Adding an NSM data source

To add an NSM data source to a Receiver (see Add a data source), select McAfee in the Data Source Vendor field and Network Security Manager - SQL Pull (ASP) in the Data Source Model field. You can select Enable Layer 7 Collection and set the delay on the Add Data Source page.