MCAFEE EPOLICY ORCHESTRATOR (ePO)
Instructions for forwarding McAfee ePolicy Orchestrator (ePO) logs to your Log Management device
PREREQUISITESMcAfee ePolicy Orchestrator (ePO) 5.9.x, 5.3.x to Clone LOGM/SIEM
- Make sure your ePO installation is version 5.9 or 5.3.2 (with Hotfix 1185471 applied).
Note: If you use ePO 5.3.2 with Hotfix 1185471 applied and you have additional agent handlers, an extra step is required to replace two files on the agent handler with the Hotfix versions taken from the ePO server. See KB87469 for details.Clone Systems Log Management Device
- The IP Address for the Clone Systems Log Management device
1. Launch McAfee ePolicy Orchestrator (ePO), enter your Username and Password, and then click the Log On button.TTY.
2. Add a new Registered Server and select Syslog for the type.es.
4. Enter ‘6514‘ for the port (or whatever port was communicated by Clone Systems’ Support Team).
5. Select Enable event forwarding.
Note: You should see a syslog connection success message when done.
Note: All threat events received by ePO should now be automatically forwarded to the syslog server.