
Setting up McAfee EPO to send syslogs to Nagios Log Server

Posted: Mon Jun 14, 2021 10:19 am
by klg
I am attempting to set up syslog forwarding from the McAfee ePolicy Orchestrator to my Log Server. I have followed the steps outlined in this document (https://assets.nagios.com/downloads/nag ... th-SSL.pdf), verified and applied the steps successfully. However, when I log into EPO, set up the forwarding, and click on "Test Connection", it says connection failed. Is there a step I am missing?

Re: Setting up McAfee EPO to send syslogs to Nagios Log Serv

Posted: Tue Jun 15, 2021 11:05 am
by ssax
Please SSH into the Log Server system and install tcpdump:

    yum install tcpdump

Then run this command and leave it running:
- Change X.X.X.X to the IP of your EPO server

    tcpdump -nni any host X.X.X.X

Now do the EPO test again. Do you see any packets in the tcpdump output? If not, it's being blocked by something in between such as a firewall/IPS/proxy/security device.

Is the EPO server a Windows or Linux system?
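
The tcpdump check above, taken one step further as an added example (not part of the original thread): a shell function that reads the capture text and reports whether the EPO test produced no packets, an unanswered SYN, a reset, or a completed TCP handshake. The function name, the result labels, the sample addresses and port 6514 are constructed for illustration; it handles IPv4 only.

```shell
#!/usr/bin/env bash
# Added example. Usage: tcpdump -nni any host X.X.X.X | classify_capture X.X.X.X
# (stop tcpdump with Ctrl-C after the EPO test). IPv4 only.
classify_capture() {
  awk -v epo="$1" '
    # tcpdump prints IPv4 endpoints as a.b.c.d.port; drop the port if present.
    function host(a,   p, n) {
      n = split(a, p, ".")
      return (n == 5) ? p[1] "." p[2] "." p[3] "." p[4] : a
    }
    {
      # Find the ">" between source and destination, so lines with or without
      # an interface/direction prefix (newer tcpdump with -i any) both parse.
      gt = 0
      for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
      if (!gt) next
      dst = $(gt + 1); sub(/:$/, "", dst)
      src = host($(gt - 1)); dst = host(dst)
      if (src != epo && dst != epo) next
      seen = 1
      pos = index($0, "Flags [")
      if (!pos) next
      rest = substr($0, pos + 7)
      flags = substr(rest, 1, index(rest, "]") - 1)
      if (src == epo && flags == "S")  syn = 1     # EPO opened a connection
      if (dst == epo && flags == "S.") synack = 1  # Log Server accepted it
      if (dst == epo && flags ~ /R/)   rst = 1     # Log Server refused it
    }
    END {
      if (!seen)       print "no-packets"           # blocked before this host
      else if (synack) print "tcp-established"      # failure is above TCP (TLS)
      else if (rst)    print "reset-by-log-server"  # no listener or reject rule
      else if (syn)    print "syn-unanswered"       # dropped on the Log Server
      else             print "other-traffic"
    }'
}

# Constructed sample captures (documentation addresses, made-up port 6514).
SYN='10:19:01.000001 IP 192.0.2.10.49152 > 192.0.2.20.6514: Flags [S], seq 100, win 64240, length 0'
SAMPLE_DROPPED="$SYN
$SYN"
SAMPLE_RESET="$SYN
10:19:01.000050 IP 192.0.2.20.6514 > 192.0.2.10.49152: Flags [R.], seq 0, ack 101, win 0, length 0"
SAMPLE_CONNECTED="10:19:01.000001 eth0  In  IP 192.0.2.10.49152 > 192.0.2.20.6514: Flags [S], seq 100, win 64240, length 0
10:19:01.000040 eth0  Out IP 192.0.2.20.6514 > 192.0.2.10.49152: Flags [S.], seq 900, ack 101, win 65160, length 0"

for s in "$SAMPLE_DROPPED" "$SAMPLE_RESET" "$SAMPLE_CONNECTED"; do
  printf '%s\n' "$s" | classify_capture 192.0.2.10
done
```

A `tcp-established` result means the network path is open and the failed test is more likely in the TLS or certificate setup than in a firewall.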