This post describes how to configure the LogRhythm Agent to collect Symantec Endpoint Protection Manager (SEPM) logs, either by syslog forwarding or by reading the SEPM MS SQL database over ODBC.

Method 1 – Syslog Forwarding

This is the traditional way to forward logs from SEPM to a syslog receiver such as ArcSight, Splunk, QRadar, or LogRhythm.


Note: SEPM does not support multiple syslog destinations; only one receiver host can be configured. The forwarding below uses plain UDP syslog, which is neither encrypted nor authenticated, so restrict port 514 on the receiver to the SEPM server's IP address at the host firewall and keep the two hosts on a trusted network segment.

Procedure

  • Log in to the Symantec Endpoint Protection Manager console.
  • In the left pane, click the Admin icon.
  • At the bottom of the Admin pane, click Servers.
  • In the View Servers pane, click Local Site.
  • In the Tasks pane, click Configure External Logging.
  • On the General tab, select the Enable Transmission of Logs to a Syslog Server check box.
  • In the Syslog Server field, type the IP address of the syslog receiver that will parse the logs (for LogRhythm, the host running the LogRhythm Agent).
  • In the UDP Destination Port field, type 514.
  • Set the Log Facility to 6 (the receiver can use this value to tell SEPM records apart from other syslog traffic on the same port).
  • On the Log Filter tab, under Management Server Logs, select the Audit Logs check box.
  • Under Client Logs, select the Security Logs check box.
  • Under Client Logs, select the Risks check box.
  • Click OK.
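Once SEPM is forwarding, the receiver has to split each record into fields before it can be matched against detection rules. The following Python parser is an added example, not code from the original post or from LogRhythm or Symantec. The two sample records are constructed to approximate SEPM's syslog layout (an RFC 3164 header with the program tag `SymantecServer`, followed by a comma-separated body of `Key: value` fields); the tag and the field names are assumptions that may differ by SEPM version. The parser checks the PRI facility against the value configured above (6), keeps unkeyed positional fields such as the server and event name, and handles the known hazard that an unkeyed file path may itself contain commas.

```python
import re

# Facility chosen in the SEPM "Log Facility" field above. A record with a
# different facility on the same port did not come from this configuration.
EXPECTED_FACILITY = 6
# Program tag SEPM writes into the syslog header (assumption; check against
# a live record from your SEPM version).
SEPM_TAG = "SymantecServer"

# Constructed sample records, not captured from a real SEPM.
SAMPLE_LINES = [
    # Client "Risks" event: facility 6, severity 6 -> PRI 54. The file path is
    # unkeyed and deliberately contains a comma.
    r"<54>Jan 12 10:22:33 SEPM01 SymantecServer: SEPM01,Virus found,"
    r"IP Address: 10.0.0.25,Computer name: WS-0042,Source: Auto-Protect scan,"
    r"Risk name: EICAR Test String,Occurrences: 1,"
    r"C:\Users\alice\Downloads\eicar,test.com,Actual action: Quarantined,"
    r"Requested action: Cleaned,User: alice,Event time: 2024-01-12 10:22:31",
    # Record sent with facility 3 (daemon) instead of 6: must be rejected.
    "<30>Jan 12 10:23:00 SEPM01 SymantecServer: Site: Site SEPM01,"
    "Server: SEPM01,Domain: Default,Admin: admin,Administrator logged on",
]

_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"                               # RFC 3164 PRI
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "  # Mon dd hh:mm:ss
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\s]+): "
    r"(?P<body>.*)$"
)
# A "Key: value" segment. The key must be at least two characters so that a
# drive letter such as "C:\..." is not mistaken for a field name.
_KEYED = re.compile(r"^([A-Za-z][A-Za-z0-9 /\-]+):\s*(.*)$")


def parse_body(body):
    """Split the comma-separated SEPM body into positional fields (before the
    first keyed field), keyed fields, and trailing unkeyed values. Consecutive
    unkeyed segments after the first key are re-joined with the comma that
    split them, so a path like C:\\a,b.exe survives as one value."""
    positional, fields, extra = [], {}, []
    seen_key = in_extra = False
    for seg in (s.strip() for s in body.split(",")):
        m = _KEYED.match(seg)
        if m:
            fields[m.group(1)] = m.group(2)
            seen_key, in_extra = True, False
        elif not seen_key:
            positional.append(seg)
        elif in_extra:
            extra[-1] += "," + seg
        else:
            extra.append(seg)
            in_extra = True
    return positional, fields, extra


def parse_sepm_syslog(line):
    """Return a normalised event dict, or None if the header does not parse."""
    m = _HEADER.match(line)
    if not m:
        return None
    facility, severity = divmod(int(m.group("pri")), 8)
    positional, fields, extra = parse_body(m.group("body"))
    return {
        "facility": facility,
        "severity": severity,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "server": positional[0] if positional else None,
        "event": positional[1] if len(positional) > 1 else None,
        "fields": fields,
        "extra": extra,
    }


def accept(event):
    """Keep only records that match the SEPM configuration above."""
    return (event is not None
            and event["facility"] == EXPECTED_FACILITY
            and event["tag"] == SEPM_TAG)


def collect(lines):
    """Parse a batch of raw syslog lines and drop anything not from SEPM."""
    return [e for e in map(parse_sepm_syslog, lines) if accept(e)]


if __name__ == "__main__":
    for ev in collect(SAMPLE_LINES):
        print(ev["event"], ev["fields"].get("Computer name"),
              ev["fields"].get("Risk name"), ev["extra"])
```

Run it once against a handful of real records captured on the receiver before trusting the field names: SEPM changes the body layout between versions, and a silently misparsed `Risk name` or `Computer name` means a detection rule keyed on it will never fire.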



Method 2 – ODBC Connection


Configuration Steps







By Jon
