Re: Symentec endpoint syslog integration

mustafa_nbk · ‎09-29-2009

Hi,

I am forwording the symentec end point log from symentec managmenent console to MARS as a SYSlog. On MARS, I configured the symentec Mgmt server as generic syslog server. I am receiving the logs on MARS but all the logs generate the following Events, which is useless.

"Forwarded Syslog Message -- Original Sending Device IP Address Unresolvable".

What is the method to enable the proper log persing for symentec end point?

Thanks,

Mustafa

rossmj2001 · ‎12-18-2009

I don't think you want to configure the Symantec endpoint server as a Generic SysLog Server. You would only do that if you want to forward logs from MARS to the Symantec endpoint server. I assume you want to do the opposite, send logs from Symantec endpoint server to MARS. Just add the Symantec endpoint server as a Microsoft Windows XXXX device and using "Logging Info" button configure it to "Receive" (not "Pull") events. The other fields are not necessary (e.g. domain name, host login, host password). If Symantec endpoint server doesn't forward logs in the standard SysLog format you may need to do some custom parsing.

radiomoskau · ‎03-09-2010

Hi!

If you are still looking for a solution - take a look on the Custom Device Type I just posted on the Packet Sharing Page...

As my stuff is designed for SEP's german version this probably won't solve your problems, but maybe it shows you a practicable way ?!

Greetz

Roman