What do you need help with?

We are here and ready to help.
Email: servicedesk@socfortress.co

    McAfee ePolicy Orchestrator - Syslog Forwarder

    Juan Romero

    22-Oct-2025

    McAfee ePolicy Orchestrator  - Syslog Forwarder

    Intro

    ePO syslog forwarding only supports the TCP protocol and requires Transport Layer Security (TLS). Specifically, it supports receivers following RFC 5424 and RFC 5425, which is known as syslog-ng.
    You don't need to import the certificate used by the syslog receiver into ePO. As long as the certificate is valid, ePO accepts it. Self-signed certificates are supported and are commonly used for this purpose.

     

    Configure a Syslog Server

    1. Configure ePO to use a syslog server:
    1. Log on to the ePO console.
    2. Navigate to Menu, Configuration, Registered Servers.
    3. Click New Server.
    4. From the Server type menu on the Description page, select Syslog Server.
    5. Specify a unique name and any details, and then click Next.
    6. From the Registered Server Builder page, configure the following settings:​
    • Server name - Enter the IP address of the syslog server.
    • TCP port number - Enter port number.
    • Enable event forwarding - This option enables event forwarding from the Agent Handler to this syslog server.
    1. Click Test Connection. This action verifies the connection to your syslog server. You now see the following message:

      Syslog connection success
       
    2. Click Save.
    Facebook Share Tweet

    Was this article helpfu?

    Yes No

    Thank you for voting

    Comments

    ×
    Select company

    You are related to multiple companies. Please select the company you wish to login as.