Hi everyone!
I am trying to forward events from ePO Server to Kiwi Syslog server. I have registered a syslog server on the ePO side and have enabled TCP TLS 1.2 on the Syslog server side. I even created a self-signed certificate on the syslog server using IIS.
While testing the connection on ePO, I only see .... on ePO and receive random characters on the Syslog server.
Let me know if I am missing anything on either side.
Thanks and regards,
It sounds like RFC 5424 and RFC 5425 (also known as syslog-ng) are not enabled on the syslog server if the characters received are not readable.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Check KB91194 - 3 dots indicate the handshake isn't completing at all. That KB lists TLS requirements, including ciphers that may need to be enabled. You can also run nmap against the syslog server to see what protocols/ciphers it is able to negotiate (KB91115).
Otherwise you can get a wireshark capture that will show the connection attempt.
If the syslog server is also configured to require mutual authentication, then that is not supported.
Hi cdinet,
Thank you for your response.
How do I enable the ciphers mentioned in the article?
Secondly, where do I get the self-signed certificate? Do I need to export it from McAfee ePO itself, or can I use the IIS server to create a self-signed certificate on the Syslog server?
Regards,
Hi Aguevara,
Thank you for your response.
I've enabled RFC 5425 on Kiwi Syslog server. Attached is the syslog configuration.
Question: How do I enable the ciphers mentioned in the article?
Answer: They are enabled from ePO; you need to check with your syslog vendor how to enable this on the syslog server. Also, "You do not need to import the certificate used by the syslog receiver into ePO. As long as the certificate is valid, ePO accepts it. Self-signed certificates are supported and are commonly used for this purpose." from the article KB91194.
On your last screenshot I don't see RFC 5424, and that is also needed. I'm not sure how to configure that on this particular syslog server.
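An added example, not from this thread and not ePO's or Kiwi's own code, showing the two pieces the replies above keep pointing at: an RFC 5424 message wrapped in RFC 5425 octet-counting framing (with a receiver-side parser), a check for whether bytes landing on a listener are a TLS record rather than readable syslog text, and a client context limited to TLS 1.2. Hostnames, sample messages, the port and the certificate file path are constructed or assumed.

```python
"""Added example (not from the thread, ePO or Kiwi). Sample data constructed."""
import re
import ssl
from datetime import datetime, timezone
from typing import List, Optional, Tuple

RFC5425_PORT = 6514  # IANA port for syslog over TLS (RFC 5425); receiver may differ


def build_rfc5424(pri: int, host: str, app: str, msg: str,
                  ts: Optional[datetime] = None) -> str:
    """Minimal RFC 5424 line: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    ts = ts or datetime.now(timezone.utc)
    return f"<{pri}>1 {ts.strftime('%Y-%m-%dT%H:%M:%SZ')} {host} {app} - - - {msg}"


def frame_rfc5425(message: str) -> bytes:
    """RFC 5425 octet counting: MSG-LEN SP SYSLOG-MSG, length counted in bytes."""
    body = message.encode("utf-8")
    return f"{len(body)} ".encode("ascii") + body


def parse_rfc5425_stream(buf: bytes) -> Tuple[List[str], bytes]:
    """Receiver side: split a TCP byte stream into whole frames, keep the rest."""
    out: List[str] = []
    while True:
        m = re.match(rb"(\d{1,5}) ", buf)
        if not m:
            break  # not octet-counted (or garbage): stop and hand back the bytes
        start, end = m.end(), m.end() + int(m.group(1))
        if len(buf) < end:
            break  # partial frame; wait for more bytes
        out.append(buf[start:end].decode("utf-8"))
        buf = buf[end:]
    return out, buf


def looks_like_tls_record(data: bytes) -> bool:
    """True if the bytes start with a TLS record header (0x16 handshake, version
    0x0301..0x0303): a TLS sender talking to a plaintext listener shows up this way."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] in (1, 2, 3)


def tls12_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context pinned to TLS 1.2; `cafile` is the receiver's exported
    self-signed certificate (assumed path). With no cafile, verification is off
    so the handshake itself can be tested in a lab."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if cafile is None:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

To exercise the full path against your own receiver, wrap a socket with `tls12_client_context(...).wrap_socket(sock, server_hostname=host)` and send `frame_rfc5425(build_rfc5424(...))`; a handshake that never completes is the "...." case, while readable output on the receiver confirms both framing and TLS are in agreement.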