Using the syslog server to monitor an Enforcer

Article:HOWTO81755  |  Created: 2012-10-25  |  Updated: 2014-09-21  |  Article URL
Article Type
How To


Using the syslog server to monitor an Enforcer

You can use the syslog facility to log Enforcer messages. You can specify the following aspects:

  • IP address of the syslog server

  • Level of syslog entry

  • Authentication failure threshold

  • Alive message interval

To enable logging messages to the syslog for an Enforcer

  1. In Symantec Endpoint Protection Manager, click Admin.

  2. Click Servers.

  3. Under Servers, select the Enforcer group for which you want to enable logging to the syslog.

  4. Under Tasks, click Edit Group Properties.

  5. On the Logging tab, in the Syslog section, select among the following options:

    Syslog server

    Specify the IP address of the syslog server.


    The default level of syslog entry is Information. The levels include: Notice and Information. All logs more serious than the level specified are uploaded to the log server.

    Authentication failure threshold

    This parameter is defined in terms of the number of times multiples by the number of seconds. When authentication fails more frequently than specified, the following messages are logged.

    Alive message interval

    The Enforcer sends an "alive" message to the syslog server at a specified interval, in seconds. The default value is 1800 seconds.

  6. Click OK.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices