Set Up Instructions
Configure Log Forwarding for Symantec Endpoint Security
Forward traffic logs from Symantec Endpoint Security to a SIEM for long-term storage, compliance, audit, reporting, or legal reasons.
Required Blumira Module: Logger
- In the console, click Admin.
- Click Servers.
- Click the local site or remote site that you want to export log data from.
- Click Configure External Logging.
- On the General tab, in the Update Frequency list box, select how often to send the log data to the file.
- In the Master Logging Server list box, select the management server to send the logs to.
- NOTE: If you use SQL Server and connect multiple management servers to the database, specify only one server as the Master Logging Server.
- Check Enable Transmission of Logs to a Syslog Server.
- Provide the following information:
  - Syslog Server: Type the IP address or domain name of the Syslog server that you want to receive the log data. This will be the IP address of your Blumira Sensor.
  - Select the protocol to use, and type the destination port that the Syslog server uses to listen for Syslog messages.
  - Type the number of the log facility that you want the Syslog configuration file to use, or use the default. Valid values range from 0 to 23.
- On the Log Filter tab, check which logs to export.
- Click OK.
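
To confirm that forwarded messages arrive with the log facility selected in the steps above, the following check decodes the syslog priority header on the receiving side. It is an added example, not part of the original instructions or of any Symantec or Blumira tooling. It assumes UDP was chosen as the protocol, uses a hypothetical test port of 5514 on a test host, and uses constructed sample messages.

```python
import re
import socket

# Syslog messages start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity) from a syslog message, or None if no valid PRI."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    return divmod(pri, 8)

def check_message(message, expected_facility):
    """Classify one received message against the facility set in the console."""
    if not 0 <= expected_facility <= 23:
        raise ValueError("facility must be between 0 and 23")
    decoded = decode_pri(message)
    if decoded is None:
        return "malformed"
    return "ok" if decoded[0] == expected_facility else "unexpected-facility"

def listen(expected_facility, host="0.0.0.0", port=5514, count=5):
    """Receive `count` UDP syslog datagrams and report each sender's status.
    Host, port and count are assumptions for a test listener."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        for _ in range(count):
            data, (src, _src_port) = sock.recvfrom(8192)
            text = data.decode("utf-8", errors="replace")
            results.append((src, check_message(text, expected_facility)))
    return results

# Constructed sample messages (not real Symantec output).
SAMPLES = [
    "<134>Jan 10 12:00:00 mgmt-server app: constructed sample event",  # facility 16
    "<14>Jan 10 12:00:01 mgmt-server app: constructed sample event",   # facility 1
    "Jan 10 12:00:02 mgmt-server app: no priority header",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(check_message(line, expected_facility=16), "|", line)
```

An "unexpected-facility" result means the sender is using a different facility number than the one entered in the console, which can cause facility-based routing or filtering on the receiver to miss the logs.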