Objective: Forward syslog messages from McAfee ePO to QRadar.
New Facility: No change
New Level: No change
Send with RFC3164 header information: Unchecked
Retain the original source address of the message: Checked
Spoof Network Packet: Checked
Issue: The QRadar admin claims syslog messages relayed from McAfee ePO are not parsing correctly, implying that KSS is somehow mangling the messages. True?
McAfee ePO DSM is installed on QRadar.