Integration of McAfee EPO with Sumo

Follow

Sudheesh Sudarshan

• June 05, 2017 20:56

we are trying to get McAfee epo data into sumologic for monitoring purpose. anyone please help us how to do the integration.

Thanks in advance.

1

• 

  Rahul Choudhary

  • June 06, 2017 07:14

  Hi Sudheesh,

  McAfee EOP logs are flat logs files found on the EPO host server. To collect these logs you will need to install a local Collector on the EPO host system and then configure Local File Sources under that Collector to collect the EPO logs you need to analyze. 

  The process on how to go about the same has been mentioned in below documentation links:

  
  Installed Collector: https://help.sumologic.com/Send_Data/Installed_Collectors

  
  Local File Source: https://help.sumologic.com/Send_Data/Sources/01Sources_for_Installed_Collectors/Local_File_Source
  
  More information on McAfee EPO logs, locations and information available within them can be found in the McAfee documentation linked below. 
  
  https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24809/en_US/epo_510_rg_Log%20Files_0-00_en-us.pdf
  
  Hope this helps in getting the EPO data ingested into Sumo. Let me know for any further concern on this.

  Thanks,

  Rahul

  1

  Comment actions Permalink

Please sign in to leave a comment.