
Configure Symantec DLP with RSA enVision for Syslog Alerts

Created: 17 Mar 2014 • Updated: 18 Mar 2014 | 2 comments
Author: kishorilal1986

Dear All,

Please follow the instructions below; this is how I integrated DLP 12.0.1 with RSA enVision for syslog.

Configure Symantec DLP

To configure Symantec DLP to work with the enVision appliance, you must complete the following
tasks:

1. Configure System Events
2. Configure Response Rules
3. Enable Rules

Configure System Events

To configure system events:

1. On your Vontu system, depending on your operating system, choose one of the following:

   For Windows, change directories to \Vontu\Protect\config.
   For Linux, change directories to /opt/Vontu/Protect/config.

2. Open Manager.properties in a text editor.

3. Remove the number sign (#) from the line, #systemevent.syslog.host=, and then enter the
hostname or IP address of your enVision appliance.

4. Remove the # from the line, #systemevent.syslog.port=, and then type 514.

5. Remove the # from the line, #systemevent.syslog.format= [{0}] {1} - {2}.

6. Save and close the file.

7. Restart the Vontu server.

Configure Response Rules (refer to the attached snapshot, response rule.jpg)

To configure response rules:
1. Log on to the Symantec DLP user interface.
2. Click Policies > Response Rules > Add Response Rule.
3. Select Automated Response.
4. Click Next.
5. In the Configure Response Rule window, complete the fields as follows:

   Field          Action
   Rule Name      Enter a rule name.
   Description    Enter a description for the rule.
6. From the Action drop-down list, select All: Log to a Syslog Server.
7. Click Add Action.
8. Complete the fields as follows:

   Field          Action
   Host           Enter the IP address of your enVision appliance.
   Port           Type 514.
   Message Type   Enter the following string:

   $POLICY$^^$INCIDENT_ID$^^$SUBJECT$^^$SEVERITY$^^
   $MATCH_COUNT$^^$RULES$^^$SENDER$^^$RECIPIENTS$^^
   $BLOCKED$^^$FILE_NAME$^^$PARENT_PATH$^^$SCAN$^^
   $TARGET$^^$PROTOCOL$^^$INCIDENT_SNAPSHOT$

   * Important: This is one continuous entry. Do not add spaces or hyphens.

   Level          Select 4.

9. Click Save.

Enable Rules

To enable rules (refer to the attached screenshot, Policy response.JPG):

1. Click Policies > Policy List.
2. Select a policy that you want to report on.
3. Click the Response tab.
4. From the drop-down list, select the rule you created in the previous task.
5. Click Add Response Rule.

Example of the created response rule (see the attached snapshot):

$POLICY$^^$INCIDENT_ID$^^$SUBJECT$^^$SEVERITY$^^$MATCH_COUNT$^^$RULES$^^$SENDER$^^$RECIPIENTS$^^$BLOCKED$^^$FILE_NAME$^^$PARENT_PATH$^^$SCAN$^^$TARGET$^^$PROTOCOL$^^$INCIDENT_SNAPSHOT$
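On the enVision (or any other syslog collector) side, the message above arrives as one line with the fields joined by "^^" in the order of the $VARIABLE$ tokens, so a collector-side parser has to split on that separator and trust the field order. The following is an added example, not code from the original post or from Symantec: it validates a Message Type string against the "no spaces or hyphens" rule, then parses a constructed sample payload (the incident values are invented; the syslog header is assumed to have been stripped already) into named fields.

```python
import re

# Message Type string exactly as configured in the DLP response rule.
TEMPLATE = (
    "$POLICY$^^$INCIDENT_ID$^^$SUBJECT$^^$SEVERITY$^^$MATCH_COUNT$^^$RULES$^^"
    "$SENDER$^^$RECIPIENTS$^^$BLOCKED$^^$FILE_NAME$^^$PARENT_PATH$^^$SCAN$^^"
    "$TARGET$^^$PROTOCOL$^^$INCIDENT_SNAPSHOT$"
)
SEP = "^^"
TOKEN_RE = re.compile(r"^\$[A-Z_]+\$$")  # one $VARIABLE$ token, nothing else


def template_fields(template: str) -> list:
    """Return the field names of a Message Type string in order.

    Rejects any token that is not a bare $VARIABLE$, which is how a stray
    space, hyphen or line break in the DLP configuration shows up.
    """
    fields = []
    for token in template.split(SEP):
        if not TOKEN_RE.match(token):
            raise ValueError(f"bad token {token!r} in Message Type string")
        fields.append(token.strip("$"))
    return fields


FIELDS = template_fields(TEMPLATE)


def parse_dlp_message(payload: str, fields=FIELDS) -> dict:
    """Split one DLP syslog payload into a dict keyed by field name.

    A field count mismatch usually means the DLP template and the parser
    disagree, or a value contained the separator itself; fail loudly
    rather than silently shifting every later field.
    """
    parts = payload.rstrip("\r\n").split(SEP)
    if len(parts) != len(fields):
        raise ValueError(f"expected {len(fields)} fields, got {len(parts)}")
    record = dict(zip(fields, (p.strip() for p in parts)))
    if record.get("MATCH_COUNT", "").isdigit():
        record["MATCH_COUNT"] = int(record["MATCH_COUNT"])
    return record


# Constructed sample payload (not real DLP output); SCAN is empty because
# this is a network incident, which yields "^^^^" between PARENT_PATH and TARGET.
SAMPLE = (
    "PCI Cardholder Data^^4711^^Q3 report.xlsx^^High^^12^^Credit Card Numbers^^"
    "alice@example.com^^bob@example.net^^true^^Q3 report.xlsx^^/export/finance^^^^"
    "bob@example.net^^SMTP^^https://dlp.example.com/incident/4711"
)
```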

Comments

Sahaba:

Thanks

This is what I was looking for