Cisco Support Community
New Member

Symantec endpoint syslog integration

Hi,

I am forwarding the Symantec endpoint log from the Symantec management console to MARS as syslog. On MARS, I configured the Symantec Mgmt server as a generic syslog server. I am receiving the logs on MARS, but all the logs generate the following event, which is useless.

"Forwarded Syslog Message -- Original Sending Device IP Address Unresolvable".

What is the method to enable proper log parsing for Symantec endpoint?

Thanks,

Mustafa

2 REPLIES
New Member

Re: Symantec endpoint syslog integration

I don't think you want to configure the Symantec endpoint server as a Generic SysLog Server. You would only do that if you want to forward logs from MARS to the Symantec endpoint server. I assume you want to do the opposite: send logs from the Symantec endpoint server to MARS. Just add the Symantec endpoint server as a Microsoft Windows XXXX device and, using the "Logging Info" button, configure it to "Receive" (not "Pull") events. The other fields are not necessary (e.g. domain name, host login, host password). If the Symantec endpoint server doesn't forward logs in the standard SysLog format, you may need to do some custom parsing.

New Member

Re: Symantec endpoint syslog integration

Hi!

If you are still looking for a solution, take a look at the Custom Device Type I just posted on the Packet Sharing Page...

As my stuff is designed for SEP's German version, this probably won't solve your problems, but maybe it shows you a practicable way?!

Greetz

Roman
