Integration of McAfee EPO with Sumo
We are trying to get McAfee EPO data into Sumo Logic for monitoring purposes. Can anyone please help us with how to do the integration?
Thanks in advance.
-
Hi Sudheesh,
McAfee EPO logs are flat log files found on the EPO host server. To collect these logs you will need to install a local Collector on the EPO host system and then configure Local File Sources under that Collector to collect the EPO logs you need to analyze.
The process for doing this is described in the documentation links below:
Installed Collector: https://help.sumologic.com/Send_Data/Installed_Collectors
Local File Source: https://help.sumologic.com/Send_Data/Sources/01Sources_for_Installed_Collectors/Local_File_Source
More information on McAfee EPO logs, locations and information available within them can be found in the McAfee documentation linked below.
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24809/en_US/epo_510_rg_Log%20Files_0-00_en-us.pdf
Hope this helps in getting the EPO data ingested into Sumo. Let me know if you have any further concerns on this.
Thanks,
Rahul