We are trying to forward only logs from a specific subnet to the Log Insight Server in our environment. Is it feasible?
Please be specific about what logs you want to forward to the Insight server.
I could see Insight server is an IBM product. If it is similar to a syslog server, then you may look at the article below for more information on the integration part and requirements.
If the above answer resolves your issue, then please mark this thread as resolved.
How does event log forwarding work?
The McAfee Agent sends events to the ePO or Remote Agent Handler. Use McAfee ePO to configure a syslog server and forward events to the syslog server.
Note: Events won't be forwarded from the endpoint to the syslog server directly, so the syslog server should have proper connectivity to the ePO/Agent Handler in order to receive those events and logs.
Thanks. However, my question is:
Yes, logs will be sent either to ePO or AH; however, from ePO, do we have an option to send logs of a specific subnet to the syslog server?
No, you cannot configure it to send events for a specific subnet or specific endpoints.
If you configure event forwarding from ePO to syslog, then it would forward all the configured events.
You can only choose what events you want to forward or not!
Server Settings --> Event Filtering