How to configure SEPM to send logs to Cisco IPS?

Created: 26 Jun 2013 | 7 comments
Vladimir Vucinic's picture

Hi,

Based on the demonstration video of the integration of Cisco IPS and SEPM (where it looks like SEPM is sending logs to Cisco IPS using the SDEE protocol), could you please post instructions on how to configure SEPM to send logs to Cisco IPS using the SDEE (Security Device Event Exchange) protocol?

Video link: http://www.youtube.com/watch?v=iwRDs4On0q8

Best regards,


.Brian's picture

Admin page >> Servers tab >> Select your local site and under Tasks select Configure External Logging

Edit as you see fit.

Also, you may need to consult the Cisco admin guide for this. The logging setup in SEPM is pretty basic and straightforward.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Vladimir Vucinic's picture

Hi Brian81,

Thank you for your fast reply. I am aware of the External Logging option, but this is for syslog servers, and I am not sure if there is an SDEE protocol hidden in some settings that I do not know or cannot find.

Best regards,

Vladimir

Vladimir Vucinic
Net++ technology

.Brian's picture

There is not. Only TCP and UDP are available.

Vladimir Vucinic's picture

Hi Brian,

Take some time and have a look at the following video: http://www.youtube.com/watch?v=iwRDs4On0q8

Best regards,

Vladimir Vucinic
Net++ technology

.Brian's picture

The video shows nothing on how to configure. There is no option in the External Logging piece to choose the SDEE protocol.

SDEE uses TCP/443 by default so I would try setting that up in the SEPM to see what the result is.

Paul Murgatroyd's picture

Hi Vladimir,

The integration was a proof of concept for Cisco to demo at Cisco Live - it's something we are working on with them. That said, if you would like to use this now, please contact Cisco, who will help you configure it via one of their partners.

thanks

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Vladimir Vucinic's picture

Hi Paul,

After a number of emails and phone calls, we (me and the customer) did not have luck with Cisco and the Cisco Partner - is there anybody at Symantec that can just show us the basic steps, how to?

Best regards,

Vladimir Vucinic
Net++ technology