Encryption requirements for ePolicy Orchestrator syslog integration

Technical Articles ID: KB91194
Last Modified: 1/24/2020

Environment

McAfee ePolicy Orchestrator (ePO) - all supported versions

For details of ePO supported environments, see KB51569.

Problem

You observe one or more of the following when events are forwarded from ePO to a syslog server:

An event appears corrupt.
An event is unreadable.
Events are not received at all.

Cause

ePO syslog integration is only supported for TCP with TLS receivers following RFC 5424 and RFC 5425 (generally known as syslog-ng).

If your syslog receiver does not support the above, it might not realize that the message is encrypted, which causes it to be displayed as unreadable.

Solution

Ensure that you are using a syslog-ng capable receiver.

Related Information

See also KB87927 for how to set up an example syslog server for use with ePolicy Orchestrator.

Affected Products

ePolicy Orchestrator 5.9
ePolicy Orchestrator 5.10.x

Languages:

This article is available in the following languages:

English United States
Spanish Spain
Japanese

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

Environment

Problem

Cause

Solution

Related Information

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Featured Solutions

Explore Our Portfolio

Security Outcomes

Industries

Products

Featured Solutions

Explore Our Portfolio

MVISION Products

Services & Training

Threat Research

Our Researchers

Threat Landscape Dashboard

Tools

Contact Us

Resources

Downloads

Product Help

Connect with Us

Explore

Our Company

Our Efforts

Other Resources

Careers

Partnerships

Knowledge Center

Environment

Problem

Cause

Solution

Related Information

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title