cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 9
Report Inappropriate Content
Message 1 of 6

Log forwarding to Log Insight Server from Specific subnet

Team,

 

We are trying to forward only logs from specific subnet to Losg Insight Server in our environment. Is it feasible?

5 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Log forwarding to Log Insight Server from Specific subnet

Please be specific on what logs you want to forward to insight server?

I could see insight server is an IBM product, If it similar to syslog server. then you may look at the below article for more information on integration part and requirements. 

  1. What is a syslog server?  - https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-FEBFD694-352E-427...
  2. How to set up an example syslog server for use with ePolicy Orchestrator -  https://kc.mcafee.com/corporate/index?page=content&id=KB87927
  3. Encryption requirements for ePolicy Orchestrator syslog integration - https://kc.mcafee.com/corporate/index?page=content&id=KB91194

 

If above answers resolves your issue, then please mark this thread as resolved. 

Level 9
Report Inappropriate Content
Message 3 of 6

Re: Log forwarding to Log Insight Server from Specific subnet

Thank you.

 

I also wanted to know if we can forward the logs to Insight Server from specific subnets alone.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Log forwarding to Log Insight Server from Specific subnet

How does event log forwarding work?

The McAfee Agent sends events to the ePO or Remote Agent Handler. Use McAfee ePO to configure syslog server and forward events to the syslog server.

 

Note: Event wont be forwarded from endpoint to Syslog server directly, so syslog server should have proper connectivity to the EPO/Agent Hanlder,  inorder to receive those events and logs. 

Highlighted
Level 9
Report Inappropriate Content
Message 5 of 6

Re: Log forwarding to Log Insight Server from Specific subnet

Thanks. However my question is

 

Yes , logs will be sent either to ePO or AH however from ePO , do we have an option to send logs of specific subnet to Syslog server

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Log forwarding to Log Insight Server from Specific subnet

No, you cannot configure to send events for specific subnet or specific endpoints. 

If you configure event forwarding from epo to syslog then it would forward all the configured events.

 

you can only choose what events you want to forward or not! 

Server settings-->Event Filtering

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community