McAfee Epolicy Orchestrator

Ship McAfee EPO Logs to Logstash

Follow the steps below to send your observability data to Logit.io

Logs

Send your McAfee EPO Logs to logit.io via logstash using the instructions below and begin searching your data.

Install Integration

Please click on the Install Integration button to configure your stack for this source.

Set up syslog server output

Locate the registered servers page (under configuration) in McAfee Epolicy Orchestrator.

Registered servers page

Now change the server type to syslog server and enter a suitable name for the connection, now hit next.

Change server to syslog server Press next and you'll be presented with an option for the syslog server and syslog port.

Enter your Logstash endpoint address and syslog-ssl port number.

Server name:       @logstash.host
TCP port number:   @logstash.sslPort

Enter logstash endpoint

Once you have entered the details you can test the connection using the button on screen.

Connect to server

Launch OpenSearch Dashboards to View Your Data

Launch OpenSearch Dashboards

How to diagnose no data in Stack

If you don't see data appearing in your stack after following this integration, take a look at the troubleshooting guide for steps to diagnose and resolve the problem or contact our support team and we'll be happy to assist.

Mailchimp Mcrouter