McAfee ePolicy Orchestrator

Ship McAfee EPO Logs to Logstash

Send your McAfee EPO logs to Logit.io via Logstash using the instructions below, then begin searching your data.

Install Integration

Please click on the Install Integration button to configure your stack for this source.

Set up syslog server output

Locate the registered servers page (under configuration) in McAfee ePolicy Orchestrator.


Change the server type to syslog server, enter a suitable name for the connection, then click Next.

After you press Next, you'll be presented with options for the syslog server and syslog port.

Enter your Logstash endpoint address @logstash.host and the syslog-ssl port number @logstash.sslPort.


Once you have entered the details you can test the connection using the button on screen.

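
If the on-screen test fails, the syslog-ssl endpoint can be checked independently of ePO from a host on the same network path. The script below is an added example, not part of the Logit.io or McAfee instructions: it opens a certificate-verified TLS connection, sends one test line and maps common failures to their likely cause. The `epo-probe` app name and the newline-terminated RFC 5424 framing are assumptions about what the receiver accepts.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

def build_test_line(hostname, message, when=None):
    """Return one newline-terminated RFC 5424 line (facility local0, severity info)."""
    when = when or datetime.now(timezone.utc)
    ts = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    pri = 16 * 8 + 6  # local0 (16) * 8 + info (6) = 134
    # Fields after the app name: PROCID, MSGID and STRUCTURED-DATA, all empty ("-").
    return f"<{pri}>1 {ts} {hostname} epo-probe - - - {message}\n".encode("utf-8")

def explain(exc):
    """Map a connection failure to the most likely misconfiguration."""
    if isinstance(exc, socket.gaierror):
        return "dns: endpoint hostname does not resolve"
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-trust: certificate not trusted or hostname mismatch"
    if isinstance(exc, ssl.SSLError):
        return "tls: handshake failed (is this the syslog-ssl port?)"
    if isinstance(exc, ConnectionRefusedError):
        return "refused: nothing is listening on that port"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout: traffic is probably dropped by a firewall"
    return f"other: {exc!r}"

def probe(host, port, timeout=10.0):
    """Connect with certificate verification enabled and send one test line."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(build_test_line(socket.gethostname(), "connectivity test"))
                return f"ok: {tls.version()} handshake completed, test line sent"
    except OSError as exc:
        return explain(exc)

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py <logstash-host> <syslog-ssl-port>")
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it with the same endpoint address and syslog-ssl port entered in ePO; an `ok` result means the test line should show up in your Stack.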

Launch Logit.io to view your logs

Data should now have been sent to your Stack.


If you don't see any data, take a look at How to diagnose no data in Stack below for how to diagnose common issues.

How to diagnose no data in Stack

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack, or chat to support.