Symantec endpoint syslog integration

Unanswered Question
Sep 29th, 2009


I am forwarding the Symantec endpoint log from the Symantec management console to MARS as syslog. On MARS, I configured the Symantec management server as a generic syslog server. I am receiving the logs on MARS, but all the logs generate the following event, which is useless.

"Forwarded Syslog Message -- Original Sending Device IP Address Unresolvable".

What is the method to enable proper log parsing for Symantec endpoint?



rossmj2001 Fri, 12/18/2009 - 14:34

I don't think you want to configure the Symantec endpoint server as a Generic SysLog Server. You would only do that if you want to forward logs from MARS to the Symantec endpoint server. I assume you want to do the opposite: send logs from the Symantec endpoint server to MARS. Just add the Symantec endpoint server as a Microsoft Windows XXXX device and, using the "Logging Info" button, configure it to "Receive" (not "Pull") events. The other fields are not necessary (e.g. domain name, host login, host password). If the Symantec endpoint server doesn't forward logs in the standard SysLog format, you may need to do some custom parsing.

radiomoskau Tue, 03/09/2010 - 08:36


If you are still looking for a solution, take a look at the Custom Device Type I just posted on the Packet Sharing Page...

As my stuff is designed for SEP's German version, this probably won't solve your problems, but maybe it shows you a practicable way?!



