Event filtering setting not honored when using the option 'Forward to Syslog'
Last Modified: 2022-04-04 04:49:57 Etc/GMT
Technical Articles ID:
KB95443
Environment
ePolicy Orchestrator (ePO) 5.10.0 Update 1 and later
Problem
Event filtering isn't honored when you select the option to forward only to Syslog ('Forward to Syslog'). When you configure a specific Event ID to be forwarded only to a Registered Syslog receiver, the Event ID is sent to both the ePO database and the Syslog receiver.

Events recorded in the Event Parser logs:

I #06344 EVNTPRSR Succeeded <EPOEvent>, C:\PROGRA~2\McAfee\EPOLIC~1\DB\Events\2fc70143-abcc-4313-966a-5cd8580016e0-mc_202203162326344159867000019E0.xml.
X #06280 EVNTPRSR source\SyslogForwarder.cpp(373): Found cached work item data for tenant 1: bpsid=1, guid={CB2D518E-D360-477A-9822-F22EA99F71A4}, nodepath=1\2
X #06280 MFEFIPS mfefips_SSLSubSys.cpp(160): Creating new connection for x.x.x.x:6514
I #06280 MFEFIPS Trying handshake for x.x.x.x:6514...
X #06280 MFEFIPS mfefips_SSLSubSys.cpp(394): Wrote 1350 SSL bytes, trying to write 1350 bytes to x.x.x.x:6514

Solution
We investigated this issue and a Proof of Concept (POC) build is currently available to resolve it. To obtain the POC build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
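The following script is an added example, not part of this article and not Trellix code. It scans an Event Parser log window for the two signatures quoted above and reports whether an event took both paths: the EVNTPRSR "Succeeded <EPOEvent>" line (assumed here to mark the event being handled on the database path from the DB\Events spool) and the SyslogForwarder/MFEFIPS lines (assumed to mark the forward to the registered syslog receiver; port 6514 is the standard syslog-over-TLS port). The sample log is constructed from the five lines quoted in the article, with x.x.x.x left as the placeholder the article uses. Note that in the excerpt the two paths run on different parser threads (#06344 and #06280), so the check reports co-occurrence within the supplied window rather than a per-event correlation.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Line shape seen in the article's excerpt: "<level> #<thread> <component> <message>"
LINE_RE = re.compile(
    r"^(?P<level>[A-Z])\s+#(?P<thread>\d+)\s+(?P<component>\S+)\s+(?P<message>.*)$"
)
# Event parser accepted an event XML from the DB\Events spool. Assumption: this
# indicates the event is being handled on the database path.
DB_EVENT_RE = re.compile(r"Succeeded <EPOEvent>,\s*(?P<path>\S+)")
# FIPS/TLS subsystem opening a connection to the registered syslog receiver.
SYSLOG_CONN_RE = re.compile(
    r"Creating new connection for (?P<host>[^:\s]+):(?P<port>\d+)"
)


@dataclass
class Summary:
    db_event_paths: List[str] = field(default_factory=list)
    syslog_forwarder_lines: int = 0
    syslog_targets: List[Tuple[str, int]] = field(default_factory=list)

    @property
    def both_paths_taken(self) -> bool:
        """True when the log window shows both a DB-path event and syslog activity."""
        return bool(self.db_event_paths) and (
            self.syslog_forwarder_lines > 0 or bool(self.syslog_targets)
        )


def parse_line(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Split one parser log line into (level, thread, component, message)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("level"), m.group("thread"), m.group("component"), m.group("message")


def analyze(log_text: str) -> Summary:
    """Tally DB-path events and syslog-forwarding evidence in a log window."""
    s = Summary()
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        _level, _thread, component, message = parsed
        if component == "EVNTPRSR":
            m = DB_EVENT_RE.search(message)
            if m:
                # The excerpt terminates the line with a period after ".xml".
                s.db_event_paths.append(m.group("path").rstrip("."))
            if "SyslogForwarder.cpp" in message:
                s.syslog_forwarder_lines += 1
        elif component == "MFEFIPS":
            m = SYSLOG_CONN_RE.search(message)
            if m:
                s.syslog_targets.append((m.group("host"), int(m.group("port"))))
    return s


# Constructed sample: the five lines quoted in the article, with x.x.x.x kept as
# the placeholder the article uses for the receiver address.
SAMPLE_LOG = r"""
I #06344 EVNTPRSR Succeeded <EPOEvent>, C:\PROGRA~2\McAfee\EPOLIC~1\DB\Events\2fc70143-abcc-4313-966a-5cd8580016e0-mc_202203162326344159867000019E0.xml.
X #06280 EVNTPRSR source\SyslogForwarder.cpp(373): Found cached work item data for tenant 1: bpsid=1, guid={CB2D518E-D360-477A-9822-F22EA99F71A4}, nodepath=1\2
X #06280 MFEFIPS mfefips_SSLSubSys.cpp(160): Creating new connection for x.x.x.x:6514
I #06280 MFEFIPS Trying handshake for x.x.x.x:6514...
X #06280 MFEFIPS mfefips_SSLSubSys.cpp(394): Wrote 1350 SSL bytes, trying to write 1350 bytes to x.x.x.x:6514
"""

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print(f"DB-path events: {len(result.db_event_paths)}")
    print(f"Syslog forwarder lines: {result.syslog_forwarder_lines}")
    print(f"Syslog receivers: {result.syslog_targets}")
    print(f"Event went to both DB and syslog: {result.both_paths_taken}")
```

Run it against a copy of the eventparser log taken while a single filtered Event ID is generated on a test endpoint; a result of both paths taken for an Event ID configured as syslog-only is the symptom this article describes, and the log window can be attached to the Service Request.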