https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96310#M20091 <P>Hi Aaron, according to <A href="http://kc.mcafee.com/corporate/index?page=answerlink&amp;url=spD2Ro8-7xeSDi5pMVrcP4NU4ttaDgfvDk2wLTCzMyuMz4oyiLGtCwXyK-df8-rTJFeDr-E2d5KAfwI6LVw1bnWuIQsNjHpp38oNnKthbAH6Wc3uAV-hNpjW3UWjKYYsGpZI9jjhwVKI1eUpoOcSUeU-qClOYC9FdHJAIZeHvnV1D7BddyGF4Wl3Dbj!5NFlu1RIhjiLdQqM2H2GOdxPHEZ0vPcJgGQP&amp;answerid=16777216&amp;searchid=1378124191887">http://kc.mcafee.com/corporate/index?page=answerlink&amp;url=spD2Ro8-7xeSDi5pMVrcP4NU4ttaDgfvDk2wLTCzMyuMz4oyiLGtCwXyK-df8-rTJFeDr-E2d5KAfwI6LVw1bnWuIQsNjHpp38oNnKthbAH6Wc3uAV-hNpjW3UWjKYYsGpZI9jjhwVKI1eUpoOcSUeU-qClOYC9FdHJAIZeHvnV1D7BddyGF4Wl3Dbj!5NFlu1RIhjiLdQqM2H2GOdxPHEZ0vPcJgGQP&amp;answerid=16777216&amp;searchid=1378124191887</A> you can configure the logs in a matter so it will write a txt log file. This can be monitored by Splunk, read more here <A href="http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor">http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor</A></P> Mon, 02 Sep 2013 12:20:58 GMT MuS 2013-09-02T12:20:58Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96303#M20084 <P>Hi</P> <P>We have to integrate McAfee epo(full fledged) instance with splunk i.e we want logs of EPO in splunk. What is the best way to do it. Should i install Universal forwarder on the epo machine or should i use EPO extended configuration and register my splunk as a syslog server there(donot know how to do this).Also we donot want to use ESS for this. Please help !!</P> Tue, 16 Jul 2013 06:19:31 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96303#M20084 lohit 2013-07-16T06:19:31Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96304#M20085 <P>Hi lohit,</P> <P>both will work fine, if you can configure and/or setup it up in EPO. <BR /> <CODE>Syslog</CODE> has some down sides, like data can get lost if the indexer is down for example. Personally I would configure EPO to create text Log file and install a Splunk Universalforwarder to monitor the log. </P> <P>Hope this helps a bit to get you started.</P> <P>Cheers, MuS</P> Tue, 16 Jul 2013 06:31:21 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96304#M20085 MuS 2013-07-16T06:31:21Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96305#M20086 <P>Thanks a lot MuS.</P> <P>Totally agree with syslog downside. Only positive points from EPO setup is that we can actually log only a specific type of events to a syslog server from EPO console like for example based on severity instead of collecting all logs and then extracting it in splunk.</P> Tue, 16 Jul 2013 06:45:21 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96305#M20086 lohit 2013-07-16T06:45:21Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96306#M20087 <P>Were you able to do this? If so please share a little how to.</P> Tue, 27 Aug 2013 21:47:41 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96306#M20087 adrianathome 2013-08-27T21:47:41Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96307#M20088 <P>Which part are you having trouble with?</P> Tue, 27 Aug 2013 21:57:29 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96307#M20088 lukejadamec 2013-08-27T21:57:29Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96308#M20089 <P>Interested in a procedure to have epo write logs to text file. Also any props/transforms for the epo data.</P> Thu, 29 Aug 2013 03:49:18 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96308#M20089 adrianathome 2013-08-29T03:49:18Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96309#M20090 <P>Can anyone provide any further info on how to get EPO to export to a .txt file and then monitor with Splunk ?</P> Mon, 02 Sep 2013 11:54:36 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96309#M20090 AaronMoorcroft 2013-09-02T11:54:36Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96310#M20091 <P>Hi Aaron, according to <A href="http://kc.mcafee.com/corporate/index?page=answerlink&amp;url=spD2Ro8-7xeSDi5pMVrcP4NU4ttaDgfvDk2wLTCzMyuMz4oyiLGtCwXyK-df8-rTJFeDr-E2d5KAfwI6LVw1bnWuIQsNjHpp38oNnKthbAH6Wc3uAV-hNpjW3UWjKYYsGpZI9jjhwVKI1eUpoOcSUeU-qClOYC9FdHJAIZeHvnV1D7BddyGF4Wl3Dbj!5NFlu1RIhjiLdQqM2H2GOdxPHEZ0vPcJgGQP&amp;answerid=16777216&amp;searchid=1378124191887">http://kc.mcafee.com/corporate/index?page=answerlink&amp;url=spD2Ro8-7xeSDi5pMVrcP4NU4ttaDgfvDk2wLTCzMyuMz4oyiLGtCwXyK-df8-rTJFeDr-E2d5KAfwI6LVw1bnWuIQsNjHpp38oNnKthbAH6Wc3uAV-hNpjW3UWjKYYsGpZI9jjhwVKI1eUpoOcSUeU-qClOYC9FdHJAIZeHvnV1D7BddyGF4Wl3Dbj!5NFlu1RIhjiLdQqM2H2GOdxPHEZ0vPcJgGQP&amp;answerid=16777216&amp;searchid=1378124191887</A> you can configure the logs in a matter so it will write a txt log file. This can be monitored by Splunk, read more here <A href="http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor">http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor</A></P> Mon, 02 Sep 2013 12:20:58 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96310#M20091 MuS 2013-09-02T12:20:58Z https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96311#M20092 <P>FYI, there's now a DB Connect based way to do EPO logs too: <A href="http://apps.splunk.com/app/1819/">http://apps.splunk.com/app/1819/</A></P> Tue, 08 Jul 2014 18:56:53 GMT https://community.splunk.com/t5/Getting-Data-In/McAfee-epo-integration-with-Splunk/m-p/96311#M20092 jcoates_splunk 2014-07-08T18:56:53Z