This post describes how to configure a LogRhythm Agent to collect Symantec Endpoint Protection Manager (SEPM) logs, either by syslog forwarding or through an ODBC connection to the SEPM MS SQL database.

Method 1 – Syslog Forwarding

This is the traditional way to forward logs from SEPM to syslog receivers such as ArcSight, Splunk, QRadar, LogRhythm, etc.


Note: SEPM does not support multiple syslog servers; only one destination host can be configured. If more than one SIEM needs the feed, forward from that single receiver.

Procedure

  • Log in to your Symantec Endpoint Protection Manager console.
  • In the left pane, click the Admin icon.
  • At the bottom of the left pane, click Servers.
  • In the View Servers pane, click Local Site.
  • In the Tasks pane, click Configure External Logging.
  • On the General tab, select the Enable Transmission of Logs to a Syslog Server check box.
  • In the Syslog Server field, type the IP address of the syslog receiver that will parse the logs (for LogRhythm, the host running the System Monitor Agent).
  • In the UDP Destination Port field, type 514.
  • In the Log Facility field, type 6.
  • On the Log Filter tab, under Management Server Logs, select the Audit Logs check box.
  • Under Client Logs, select the Security Logs and Risks check boxes.
  • Click OK.
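Before touching the LogRhythm side, confirm that datagrams are actually arriving with the facility you typed above. The following listener is an added example (it is not part of the original post, nor Symantec or LogRhythm tooling): it parses the syslog PRI header, reports the facility and severity of each datagram, and flags any whose facility differs from the 6 configured in SEPM. It assumes UDP delivery to a port you can bind on the receiver host; the embedded sample line is constructed to resemble a SEPM audit-log message and is not a captured record. Note that facility 6 is "lpr" in the standard facility table, so make sure the receiver is not dropping or routing that facility elsewhere.

```python
"""UDP syslog receiver for verifying SEPM syslog forwarding.

Added example, not code from the original post. Assumes the SEPM settings
described above (UDP, facility 6) and that port 514 (or a test port) can be
bound on the receiving host.
"""
import re
import socket
import sys
from dataclasses import dataclass
from typing import Optional

# Facility codes 0-23 and severities 0-7 per RFC 3164/5424 (PRI = facility * 8 + severity).
FACILITY_NAMES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample resembling an SEPM audit line (facility 6, severity 3 -> PRI 51).
SAMPLE_SEPM_AUDIT = (
    b"<51>Oct 10 10:00:00 SEPM01 SymantecServer: Site: Site_SEPM01,Server: SEPM01,"
    b"Domain: Default,Admin: admin,Administrator log on succeeded"
)


@dataclass
class SyslogMessage:
    pri: int
    facility: int
    severity: int
    body: str

    @property
    def facility_name(self) -> str:
        return FACILITY_NAMES[self.facility]

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_syslog(raw: bytes) -> Optional[SyslogMessage]:
    """Split the <PRI> header off a BSD-style syslog datagram.

    Returns None when there is no valid PRI prefix (PRI must be 0..191).
    """
    m = PRI_RE.match(raw)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    body = m.group(2).decode("utf-8", errors="replace").rstrip("\r\n")
    return SyslogMessage(pri=pri, facility=pri // 8, severity=pri % 8, body=body)


def matches_sepm_config(msg: SyslogMessage, expected_facility: int = 6) -> bool:
    """True when the datagram carries the facility configured in SEPM."""
    return msg.facility == expected_facility


def is_sepm_message(msg: SyslogMessage) -> bool:
    """Heuristic (assumption): SEPM lines carry the 'SymantecServer' program tag."""
    return "SymantecServer" in msg.body


def serve(bind: str = "0.0.0.0", port: int = 514, expected_facility: int = 6,
          max_messages: Optional[int] = None) -> int:
    """Print each datagram with its facility/severity; return the count that matched."""
    matched = seen = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while max_messages is None or seen < max_messages:
            data, (src, _) = sock.recvfrom(65535)
            seen += 1
            msg = parse_syslog(data)
            if msg is None:
                print(f"??? {src}: not syslog: {data[:60]!r}")
                continue
            ok = matches_sepm_config(msg, expected_facility)
            matched += ok
            print(f"{'OK ' if ok else 'BAD'} {src} {msg.facility_name}.{msg.severity_name}: {msg.body[:120]}")
    return matched


def demo() -> SyslogMessage:
    """Offline check against the constructed sample line."""
    msg = parse_syslog(SAMPLE_SEPM_AUDIT)
    assert msg is not None
    print(f"{msg.facility_name}.{msg.severity_name} sepm={is_sepm_message(msg)}: {msg.body}")
    return msg


if __name__ == "__main__":
    # Port 514 needs root; point SEPM at an unprivileged port such as 1514 while testing.
    serve(port=1514, max_messages=10) if "--listen" in sys.argv else demo()
```

Run `python3 listener.py --listen` on the receiver while SEPM generates an audit event (for example, log in to the console); a `BAD` line means the facility sent does not match what you typed in the Log Facility field. Keep in mind that syslog over UDP is unencrypted and unacknowledged, so restrict inbound 514/udp on the receiver to the SEPM host and expect silent gaps if the network drops datagrams.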



Method 2 – ODBC Connection


Configuration Steps







By Jon
