Configure McAfee Syslog Event Forwarding

McAfee® Enterprise Security Manager (ESM) is the foundation of the McAfee® security information and event management solution (SIEM). You can create a connector to forward all data types to McAfee® Enterprise Security Manager.

You must configure your McAfee® SIEM Solution to receive Syslog data sources.

  1. In the BeyondInsight Console, go to Configuration > General > Connectors.
  2. In the Connectors pane, click Create New Connector.
  3. Enter a name for the connector.
  4. Select McAfee Syslog Event Forwarding from the Connector Type list.
  5. Click Create Connector.
  6. Leave Active (yes) enabled.
  7. Select an optional syslog facility from the list.
  8. Provide the required details for the available output pipelines for the McAfee Syslog data source:
    • Select the protocol: TCP, TCP-SSL, or UDP.
    • Enter Host Name and Port.
  9. Select an output format: NewLine Delimited, Tab Delimited, or Comma Delimited.
  10. Expand Event Filters, and then select the events you want to forward.
  11. Click Test Connector to send a test event message.
  12. Click Create Connector.

For more information, please see the McAfee documentation on configuring a Syslog data source for the SIEM solution.