
SEP 11 External Logging

Created: 19 Mar 2010 • Updated: 20 Sep 2010 | 2 comments

We use an external logging appliance to correlate logs across our many security devices. I am having trouble mapping and understanding which logs are available at the client level, the server reporting level and the external logging level. Specifically, I am interested in the IDS logs that are located at the server reporting level and labeled "Network Threat Protection". I would like them to be sent to my external logging solution, but I am not seeing them. PLEASE provide an understanding of this!

At the client level I have:
Scan Log
Risk Log
System Log (A/V and Anti-Spyware)
Threat Log
System Log (Proactive Threat Protection)
Traffic Log
Packet Log

At the server reporting level I have:

At the external logging level I have:


Rafeeq

It will be under the Network Threat Protection log:
SEPM
Monitors - Logs - Network Threat Protection
Type: Attacks

derok7

Can you speak to whether these attacks are sent through the external logging facility?  Because I am not seeing them.  I see firewall logs, virus logs and some of the others, but not intrusion logs from an external logging perspective.