Symantec Endpoint Protection Manager
This document describes how to configure Symantec EPM device to send the log data to a Logmanager server.
After configuring EPM device you need to correctly configure Classifiers in Logmanager to have data correctly parsed in Logmanager.
For detailed information about Symantec EPM see https://support.symantec.com/en_US/article.HOWTO81168.html#v8440135
To export log data to a Syslog server
-
In the console, click Admin.
-
Click Servers.
-
Click the local site or remote site that you want to export log data from.
-
Click Configure External Logging.
Symantec Endpoint Protection Manager Syslog
-
On the General tab, in the Update Frequency list box, select how often to send the log data to the file.
-
In the Master Logging Server list box, select the management server to send the logs to.
-
Check Enable Transmission of Logs to a Syslog Server.
-
Provide the following information:
-
Syslog Server
Type the IP address or domain name of the Logmanager server that you want to send audit data to.
-
Destination Port
Select the protocol to use, and type the destination port that the Logmanager server uses to listen for Syslog messages.
-
Log Facility
Type the number of the log facility that you want to use for the Syslog messages, or use the default. Valid values range from 0 to 23.
External Logging for Local Site - General
-
-
On the Log Filter tab, check which logs to export.
-
Click OK.
External Logging for Local Site - Log Filter