
Send ePO logs to Syslog

On ePO 5.3 running on Windows 2008 R2, is it possible to send logs to a 3rd party syslog?

I can see all the log files in \Program Files (x86)\McAfee\ePolicy Orchestrator\Server\Logs.

I would like to send log files to a LogRhythm agent to forward on to LogRhythm for analysis.

Thanks for your time!


Re: Send ePO logs to Syslog

Not sure on 5.3, but on earlier versions this did not exist (there's a product idea suggestion on there somewhere that you can vote on to have syslog functionality included in a future version). The way around it is to use an external executable that acts as a syslog client, then create automatic responses to run the external program while passing it the system variables that you want logged.

For this I use klog.exe from Kiwi Syslog, and an example of the command arguments is below:

-u 514 -h -p 10 -m "ePO-Threat-Event Action:{threatActionTaken}, Category:{threatCategory}, Event ID:{threatEventID}, Handled:{threatHandled}, Name:{threatName}, Severity:{threatSeverity}, Type:{threatType}"

If you can't find another way to get your hands on klog.exe you can download it from

Use something like 7-Zip to open the .exe file as an archive, then look inside \KLOG Command-line Tools\klog\ to extract klog.exe.

Hope this helps.
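
A minimal stand-in for the external syslog client described in the reply above, as an added example that is not part of the original reply and is not klog's or McAfee's code. It builds the same "ePO-Threat-Event ..." message as one RFC 3164 UDP datagram and strips control characters from the substituted values, so a threat name containing a line break cannot forge a second log line on the collector. The function names, the hostname, the PRI value of 10 and the sample event are assumptions.

```python
import re
import socket
from datetime import datetime

# Field order follows the message template in the reply above.
FIELDS = ["Action", "Category", "Event ID", "Handled", "Name", "Severity", "Type"]
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
MAX_LEN = 1024  # RFC 3164 limit on the total packet length, in bytes


def clean(value):
    """Collapse control characters (CR, LF, tab, ...) into a single space."""
    return re.sub(r"[\x00-\x1f\x7f]+", " ", str(value)).strip()


def build_message(event, hostname, pri=10, now=None):
    """Build one RFC 3164 datagram. pri=10 (facility 1, severity 2) is an assumption."""
    now = now or datetime.now()
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with the day space-padded.
    stamp = "%s %2d %s" % (MONTHS[now.month - 1], now.day, now.strftime("%H:%M:%S"))
    body = ", ".join("%s:%s" % (k, clean(event.get(k, ""))) for k in FIELDS)
    line = "<%d>%s %s ePO-Threat-Event %s" % (pri, stamp, clean(hostname), body)
    # Non-ASCII characters become "?" so truncation never splits a character.
    return line.encode("ascii", "replace")[:MAX_LEN]


def send_event(event, server, port=514, hostname="epo-server"):
    """Send one event as a single UDP datagram and return the bytes sent."""
    data = build_message(event, hostname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(data, (server, port))
    return data


if __name__ == "__main__":
    # Constructed sample event; in ePO these values would come from the
    # automatic response variables such as {threatName}.
    sample = {"Action": "deleted", "Category": "av.detect", "Event ID": 1027,
              "Handled": "True", "Name": "EICAR test file", "Severity": 2,
              "Type": "test"}
    # 127.0.0.1 is a placeholder; point this at the syslog collector.
    print(send_event(sample, "127.0.0.1").decode("ascii"))
```
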