Hello,
We are currently working on collecting the logs from McAfee EPO (without polling the database) using the agent as the syslog server.
In the EPO we can configure a syslog server to send our events; in that case the syslog server is our agent.
We tried some configurations, but it is still not working:
<Extension clean_fields_mcafee_epo>
    Module xm_rewrite
    Keep time, host, source, sourcetype, event, classification, os, dc, severity, module, stanza, collector_hostname, collector_received_at
</Extension>
<Input i_mcafee_epo_raw>
    Module im_ssl
    ListenAddr 127.0.0.1:1572
    CAFile "McAfeeEpo\Apache2\conf\ssl.crt\ca.cer"
    CertFile "McAfeeEpo\Apache2\conf\ssl.crt\cert.crt"
    CertKeyFile "McAfeeEpo\Apache2\conf\ssl.crt\cert.key"
    AllowUntrusted TRUE
    FlowControl TRUE
    <Exec>
        parse_syslog();
        $source = "mcafee_epo";
        log_info("event : " +$event);
    </Exec>
</Input>
<Output onul>
    Module om_null
</Output>
<Route r_raw_epo>
    Path i_mcafee_epo_raw => onul
</Route>
I was wondering if we need to use the module xm_syslog as the module
Comments (1)
Thanks @raf, we will try it.
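
For reference, a variant of the configuration from the question with xm_syslog loaded and the xm_rewrite instance actually invoked. This is an added example, not part of the original post or of any reply; the port, certificate paths and instance names are copied from the question, and the Keep field list is an illustrative assumption.

```conf
# Added example, not the poster's configuration. Comments mark what differs.

# parse_syslog() is a procedure exported by xm_syslog, so the extension
# has to be loaded before an Exec block can call it.
<Extension syslog>
    Module  xm_syslog
</Extension>

# Keep retains only the listed fields. parse_syslog() creates fields such as
# $EventTime, $Hostname and $Message, so the list must name fields that
# exist in the record (this list is illustrative).
<Extension clean_fields_mcafee_epo>
    Module  xm_rewrite
    Keep    EventTime, Hostname, Message, source
</Extension>

<Input i_mcafee_epo_raw>
    Module          im_ssl
    # Loopback accepts senders on this host only; bind a reachable
    # address if the ePO server is a different machine.
    ListenAddr      127.0.0.1:1572
    CAFile          "McAfeeEpo\Apache2\conf\ssl.crt\ca.cer"
    CertFile        "McAfeeEpo\Apache2\conf\ssl.crt\cert.crt"
    CertKeyFile     "McAfeeEpo\Apache2\conf\ssl.crt\cert.key"
    # TRUE accepts peers without verifying their certificate. Keep it
    # only while testing, and limit who can reach the port.
    AllowUntrusted  TRUE
    FlowControl     TRUE
    <Exec>
        parse_syslog();
        $source = "mcafee_epo";
        # $Message is set by parse_syslog(); the original logged $event,
        # which nothing in the configuration assigns.
        log_info("event: " + $Message);
        # xm_rewrite does nothing until its process() procedure is called.
        clean_fields_mcafee_epo->process();
    </Exec>
</Input>

<Output onul>
    Module  om_null
</Output>

<Route r_raw_epo>
    Path    i_mcafee_epo_raw => onul
</Route>
```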