Logstash McAfee Pipeline
Looking for a Logstash McAfee Pipeline? We can help. Data is usually scattered in many formats across various systems. Logstash supports a multitude of inputs and pulls events from various sources in a continuous stream. Many organizations use Logstash in some capacity to ingest logs and then place them into a database. There is also a variety of outputs that let you route data where you want, and if the plugin you need for an application doesn't exist, there's an option to build your own. However, because of the log format and how the XML is organized, writing your own Logstash Pipeline for an application can be a real challenge.
We couldn’t locate a canned pipeline for McAfee E-Policy Orchestrator (EPO) out on the internet. The top hits came up with an old version of Elastic, or a file named mcafee.conf with nothing in it! We needed to build our own Logstash Pipeline to shape McAfee EPO data before it’s ingested into our analytics platform for analysis.
We’ve seen many members of the community in search of the code that will reduce McAfee EPO’s complicated XML logs into key-value pairs. We built it for our own security service purposes and are happy to share! This plugin works with Elasticsearch 6.x and Elasticsearch 7.x. Fill out the form for the code document and we’ll also email you the .conf file.
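The transformation the page describes, nested XML collapsed into flat key-value pairs, is shown below as an added example written for this page; it is not the pipeline the authors distribute, and it is not taken from McAfee or Elastic. The sample XML is constructed, with generic element names rather than the real EPO schema, and the code is plain Ruby (the language of Logstash's `ruby` filter), using a Hash in place of a Logstash event object. Repeated sibling elements, which would otherwise overwrite each other, get an index in their key, and unparseable input is tagged the way Logstash's `xml` filter tags it rather than dropped.

```ruby
require 'rexml/document'

# Constructed sample record. Element names are illustrative placeholders,
# not the actual McAfee EPO event schema.
SAMPLE_XML = <<~XML
  <AVEvent>
    <Host>
      <Name>WORKSTATION01</Name>
      <IPAddress>10.0.0.25</IPAddress>
    </Host>
    <Product Name="ExampleAV" Version="10.7">
      <Detection>
        <EventID>1027</EventID>
        <Severity>3</Severity>
        <ThreatName>EICAR-Test-File</ThreatName>
        <ActionTaken>deleted</ActionTaken>
      </Detection>
      <Detection>
        <EventID>1025</EventID>
        <Severity>1</Severity>
        <ThreatName>EICAR-Test-File</ThreatName>
        <ActionTaken>cleaned</ActionTaken>
      </Detection>
    </Product>
  </AVEvent>
XML

# Recursively walk one element, writing attributes and leaf text into
# `fields` under a dotted path. Siblings that share a name are
# disambiguated with a zero-based index so no value is silently lost.
def walk_element(element, path, fields, separator)
  element.attributes.each do |attr_name, attr_value|
    fields["#{path}#{separator}#{attr_name}"] = attr_value
  end

  children = element.elements.to_a
  if children.empty?
    text = element.text.to_s.strip
    fields[path] = text unless text.empty?
    return
  end

  counts = children.map(&:name).tally
  seen = Hash.new(0)
  children.each do |child|
    child_path = "#{path}#{separator}#{child.name}"
    if counts[child.name] > 1
      child_path = "#{child_path}#{separator}#{seen[child.name]}"
      seen[child.name] += 1
    end
    walk_element(child, child_path, fields, separator)
  end
end

# Parse an XML document and return a flat Hash of dotted keys to strings.
def flatten_xml(xml_string, separator: '.')
  doc = REXML::Document.new(xml_string)
  raise REXML::ParseException, 'document has no root element' if doc.root.nil?

  fields = {}
  walk_element(doc.root, doc.root.name, fields, separator)
  fields
end

# Stand-in for a Logstash event: a Hash whose `source` field holds raw XML.
# Malformed XML is tagged `_xmlparsefailure`, mirroring the xml filter's
# default failure tag, so the event is kept for triage rather than dropped.
def enrich_event(event, source: 'message', separator: '.')
  xml = event[source]
  failed = -> { event.merge('tags' => Array(event['tags']) + ['_xmlparsefailure']) }
  return failed.call if xml.nil?

  begin
    event.merge(flatten_xml(xml, separator: separator))
  rescue REXML::ParseException
    failed.call
  end
end

if __FILE__ == $PROGRAM_NAME
  enrich_event({ 'message' => SAMPLE_XML }).each { |k, v| puts "#{k} = #{v}" }
end
```

Inside a real Logstash `ruby` filter the same logic would read the raw XML with `event.get("message")` and write each pair back with `event.set`; here `enrich_event` returns the merged Hash so the result can be inspected directly.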