
Sep11 External Logging

Created: 19 Mar 2010 • Updated: 20 Sep 2010 | 2 comments

We use an external logging appliance to correlate logs across our many security devices. I am having trouble mapping and understanding which logs are available at the client level, the server reporting level and the external logging level. Specifically, I am interested in the IDS logs that are located at the server reporting level and labeled "Network Threat Protection". I would like them to be sent to my external logging solution, but I am not seeing them. PLEASE provide an understanding of this!

At the client level I have:
Scan Log
Risk Log
System Log (A/V and Anti-Spyware)
Threat Log
System Log (Proactive Threat Protection)
Traffic Log
Packet Log

At the server reporting level I have:

At the external logging level I have:


Rafeeq

It will be under the Network Threat Protection log:
SEPM
Monitors - Logs - Network Threat Protection
Type: Attacks

derok7

Can you speak to whether these attacks are sent through the external logging facility?  Because I am not seeing them.  I see firewall logs, virus logs and some of the others, but not intrusion logs from an external logging perspective.