Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

query refresh timings

Created: 11 Jun 2013 | 2 comments

goodmoring,

 which is the time the clients sends events to the server?

than you.

Operating Systems:

Comments 2 CommentsJump to latest comment

VSK's picture

They send all the time...that is in real time, unless there is an execution time field specified in the sensor properties.

-VSK

Milan_T's picture

All appliances / assets integrated with Siem send / fetch logs in real time schenario if it sends logs using push mode(i.e. syslog with udp 514).

In windows server with offbox mode it will take fwe seconds to reach at siem because of pull mode using user request to fetch logs.

If you mention timestamp it will take logs during that perticular time.

In this case real time logs will not fetched instead new logs generated during timestamp will be fetched at a time.