ccastbr
Level 10
Message 1 of 3

SysLog publishing - what authentication methods available

I have set up SysLog publishing to a logstash server and it is working fine. The logstash server has a certificate issued by our certificate authority and I imported the root certificate and intermediate certificate to the ePO Windows VM.

I was asked, and I do not know how to answer, what authentication methods are available for the ePO in connecting to the syslog server. I was asked if the ePO can specify different levels of SSL authentication (ex: Anonymous, Certificate, Name, Fingerprint). I am not sure I can answer what method is being used.

I have read KB87927 and also forwarded that to the syslog server owner, but they are still curious, and, now, so am I!

Does anyone know more about how authentication from the ePO to the syslog server is handled and whether there is a way to configure what method is used?

Thanks

Accepted Solutions
cdinet
McAfee Employee
Message 2 of 3

Re: SysLog publishing - what authentication methods available

Per KB91194, ePO syslog integration is only supported for TCP with TLS receivers following RFC 5424 and RFC 5425 (generally known as syslog-ng). There is no place for any credentials; it is strictly a TLS connection based on the certificate you imported. So basically, it is all based on the RFC standards. That is all the info we have on it, to be honest. It would take an SR and case opened with development to get any other detail.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
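
The following is an added example, not part of the thread and not ePO's own code: a Python sketch of a sender that does what the reply describes, a TLS connection authenticated only by the receiver's certificate, carrying RFC 5424 messages in RFC 5425 octet-counted frames. The function names, host name and sample message are constructed for illustration, and the fingerprint helper shows the value a receiver owner would compare if they wanted to pin the certificate.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone

def rfc5424_message(host, app, text, facility=16, severity=6, when=None):
    """Build an RFC 5424 line: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    when = when or datetime.now(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{facility * 8 + severity}>1 {stamp} {host} {app} - - - {text}".encode()

def frame(msg: bytes) -> bytes:
    """RFC 5425 octet counting: MSG-LEN SP SYSLOG-MSG."""
    return str(len(msg)).encode("ascii") + b" " + msg

def deframe(stream: bytes):
    """Receiver side: split a byte stream into messages; return (messages, leftover)."""
    messages = []
    while True:
        sep = stream.find(b" ")
        if sep <= 0 or not stream[:sep].isdigit():
            break
        end = sep + 1 + int(stream[:sep])
        if len(stream) < end:
            break  # partial frame: keep the bytes until more data arrives
        messages.append(stream[sep + 1:end])
        stream = stream[end:]
    return messages, stream

def server_auth_context(cafile=None):
    """Verify the receiver's chain and name; no client certificate is loaded."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # no load_cert_chain(): the sender presents no credentials

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon-separated upper-case hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return "sha-256:" + ":".join(digest[i:i + 2] for i in range(0, 64, 2))

def send(host, port, payload, cafile=None):
    """Send one framed message; return the receiver certificate's fingerprint."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with server_auth_context(cafile).wrap_socket(raw, server_hostname=host) as tls:
            seen = fingerprint(tls.getpeercert(binary_form=True))
            tls.sendall(frame(payload))
            return seen

# Constructed usage (hypothetical host; 6514 is the RFC 5425 default port):
# send("logstash.example.internal", 6514,
#      rfc5424_message("epo01", "epo", "Threat event"), cafile="ca-chain.pem")
```

Here `cafile` plays the role of the root and intermediate certificates imported on the sending side; the handshake fails if the receiver's certificate does not chain to them or does not match the host name.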


ccastbr
Level 10
Message 3 of 3

Re: SysLog publishing - what authentication methods available

Thank you. I will pass the information along. Syslog is working as expected; however, I just had that lingering question.
