
How to configure external logging for SSIM in Symantec Endpoint Protection?

Updated: 21 May 2010 | 5 comments
ctrlq | +1 (1 vote)
This issue has been solved. See solution.

Hi everyone...

How to configure external logging for SSIM in Symantec Endpoint Protection?

Thanks in advance...

Comments

snekul | 06 Oct 2009 | 0 votes

Best I can find is in the SSIM forum, hope that helps. https://www-secure.symantec.com/connect/forums/help-how-can-i-collector-sep11-events

Eric C. Lukens IT Security Policy and Risk Assessment Analyst University of Northern Iowa

Aniket Amdekar | 06 Oct 2009 | +2 (2 votes)

Hi,

To configure external logging, you need to go to Admin -> Servers -> Local Site -> Configure External Logging.

And I think the SSIM is able to accept the logs in syslog format. So if you provide the address of SSIM with the relevant information, it should be able to forward the logs.

Best,
Aniket

Subhani | 31 Jan 2010 | 0 votes

Facility Level

Hi Aniket, do you have any idea which facility level should be used?

Laurent_c | 31 Jan 2010 | +1 (1 vote)

Using syslog forwarding will work, but it is not the best way, as the problem with any syslog (TCP/UDP) is that if the target is down, messages can be lost. (Also, using syslog, the mapping won't be good, as it won't be correlating events with DeepSight GIN data.)

SSIM has a special Symantec EndPoint Collector 4.3. This collector goes directly into the DB to collect information (it supports SQL or Sybase).

If you are using SSIM 4.6 or 4.7, this collector is already pre-installed onboard.

ctrlq | 16 Mar 2010 | 0 votes

Laurent_C, that is correct.

I completed the configuration of SSIM to take information from SEPM with SQL server 2005 and the procedure was as follows:

Install the SSIM agent on the SEP server.
Install the collector on the SEP SEP server.
Install the collector on the SEP State SEP server.
Install from SSIM client on the SEPM server
Configure the sensor on SSIM appliance.

To download the collectors, you must do so from: https://fileconnect.symantec.com/

The driver for SQL server must be downloaded from: http://service1.symantec.com/SUPPORT/ent-gate.nsf/...
download

Thanks for the replies,

Regards,