McAfee ePolicy Orchestrator
Ship McAfee EPO Logs to Logstash
Follow the steps below to send your observability data to Logit.io
Logs
Send your McAfee EPO logs to Logit.io via Logstash using the instructions below and begin searching your data.
Install Integration
Set up syslog server output
Locate the Registered Servers page (under Configuration) in McAfee ePolicy Orchestrator.
Change the server type to Syslog Server, enter a suitable name for the connection, then click Next.
Press Next and you'll be presented with options for the syslog server and syslog port.
Enter your Logstash endpoint address and syslog-ssl port number.
Server name: @logstash.host
TCP port number: @logstash.sslPort
Once you have entered the details, you can test the connection using the button on screen.
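A command-line check of the same endpoint, as an added example that is not part of the original guide: it performs a verified TLS handshake against the syslog-ssl port and reports the negotiated protocol and the certificate's remaining lifetime. The function names and the TLS 1.2 floor are assumptions of this example; pass your own Logstash host and syslog-ssl port as arguments.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter date (negative if expired)."""
    now = now or datetime.now(timezone.utc)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def check_syslog_tls(host, port, timeout=10.0):
    """Handshake with the syslog-ssl port; raises ssl.SSLError on a bad certificate."""
    ctx = ssl.create_default_context()            # verifies chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: refuse anything older
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "subject": dict(rdn[0] for rdn in cert["subject"]),
                "days_left": days_until_expiry(cert),
            }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_syslog_tls.py <logstash-host> <syslog-ssl-port>")
    try:
        result = check_syslog_tls(sys.argv[1], int(sys.argv[2]))
    except (ssl.SSLError, OSError) as exc:
        # Covers certificate failures, refused connections and DNS errors.
        sys.exit(f"TLS check failed: {exc}")
    print(result)
```

A handshake failure here usually means the plain syslog port was entered instead of the syslog-ssl port, or that outbound traffic from the ePO server is being blocked or intercepted.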
Launch OpenSearch Dashboards to View Your Data
How to diagnose no data in Stack
If you don't see data appearing in your stack after following this integration, take a look at the troubleshooting guide for steps to diagnose and resolve the problem or contact our support team and we'll be happy to assist.