McAfee Epolicy Orchestrator
Ship McAfee EPO Logs to Logstash
McAfee Epolicy Orchestrator
Follow this step by step guide to get 'logs' from your system to Logit.io:
Step 1 - Set up syslog server output
Locate the registered servers page (under configuration) in McAfee Epolicy Orchestrator.
Now change the server type to syslog server and enter a suitable name for the connection, now hit next.
Press next and you'll be presented with an option for the syslog server and syslog port.
Enter your Logstash endpoint address your-logstash-host and syslog-ssl port number your-ssl-port
Once you have entered the details you can test the connection using the button on screen.
Step 2 - Check Logit.io for your logs
Now you should view your data:
If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.
Step 3 - how to diagnose no data in Stack
If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.