The log from the eventparser shows only these:
E #06384 MFEFIPS mfefips_SSLSubSys.cpp(389): Error writing 3578 SSL bytes to x.x.x.x:6514 (-1 returned)
E #06384 EVNTPRSR source\SyslogForwarder.cpp(138): Failed to send data to syslog receiver: x.x.x.x:6514
W #06384 MFEFIPS Ignoring host x.x.x.x:6514 for 2 minutes
So I'd say it's quite different from the timeout logs.
And of course, I didn't mean to post the pcap publicly; I'd think you have a different way for me to send it to you 🙂
And regarding the TLS without a certificate: thanks, I didn't know this cipher suite existed, although it's a very specific one that is almost never used.
It's very hard for me to believe that it's a network issue since it's on AWS infrastructure.
You need to match the exact time frame of the eventparser log entries against the syslog entries to see what both sides show. The eventparser log seems to show it connected, but was unable to write to the syslog server. I would assume the syslog possibly showed a timeout? I can't see how it is an ePO-side failure if it sometimes works and sometimes doesn't. ePO is trying to write to it, but can't for some reason. If you get a network capture from both sides when it is failing, let me know. I would also like to see the corresponding eventparser and syslog server logs for the same time as the capture. I will send you my email in a PM.
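One way to do the time-frame matching suggested in the reply above, as an added example that is not part of the thread and not code from either poster. The timestamp prefix on the eventparser lines and every receiver line are assumptions constructed for illustration, since the lines quoted in the thread carry no timestamps.

```python
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M:%S"  # ASSUMED timestamp format for both logs

# Constructed sample: messages are the ones quoted in the thread, timestamps are invented.
SENDER_LOG = r"""2024-05-14 10:02:41 E #06384 MFEFIPS mfefips_SSLSubSys.cpp(389): Error writing 3578 SSL bytes to x.x.x.x:6514 (-1 returned)
2024-05-14 10:02:41 E #06384 EVNTPRSR source\SyslogForwarder.cpp(138): Failed to send data to syslog receiver: x.x.x.x:6514
2024-05-14 10:02:41 W #06384 MFEFIPS Ignoring host x.x.x.x:6514 for 2 minutes
2024-05-14 10:09:03 E #06384 MFEFIPS mfefips_SSLSubSys.cpp(389): Error writing 3578 SSL bytes to x.x.x.x:6514 (-1 returned)
"""

# Constructed sample of what a syslog receiver might log (hypothetical wording).
RECEIVER_LOG = """2024-05-14 10:02:40 constructed: TLS session from sender closed by receiver
2024-05-14 10:05:12 constructed: TLS session from sender established
"""

SENDER_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([EWI]) #\d+ (.*)$")


def parse_receiver(text):
    """Return (timestamp, message) pairs from the receiver log."""
    return [(datetime.strptime(line[:19], TS), line[20:])
            for line in text.splitlines() if len(line) > 19]


def correlate(sender_text, receiver_text, window_s=5, skew_s=0):
    """For each sender error line, list receiver entries within +/- window_s.

    skew_s is added to receiver timestamps to compensate for a known clock
    or time zone offset between the two hosts.
    """
    receiver = [(ts + timedelta(seconds=skew_s), msg)
                for ts, msg in parse_receiver(receiver_text)]
    window = timedelta(seconds=window_s)
    results = []
    for line in sender_text.splitlines():
        m = SENDER_RE.match(line)
        if not m or m.group(2) != "E":  # only error-level sender entries
            continue
        ts = datetime.strptime(m.group(1), TS)
        near = [msg for rts, msg in receiver if abs(rts - ts) <= window]
        results.append((ts, m.group(3), near))
    return results


if __name__ == "__main__":
    for ts, msg, near in correlate(SENDER_LOG, RECEIVER_LOG):
        print(ts, msg)
        for entry in near or ["(no receiver entry in window)"]:
            print("    receiver:", entry)
```

A sender error with no receiver entry in the window is the case worth a packet capture on both sides, because the receiver never recorded the session ending.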