SEPM 11 Syslog Message Source Listed Incorrectly?
I have a distributed SEP management environment with multiple SEPM servers. On each SEPM server I have configured external logging to an external syslog server. We then receive alarms and email/SMS notifications when a particular syslog message is received (in this case, a virus).
This works for some of our SEPM servers. For the servers that are working properly, the syslog message source is the IP address of the SEPM server, e.g.:
|192.168.0.22 line printer subsystem ERROR site: mysite Server: SERVER01: Virus Found Tue Jan 29 17:32|
For the SEPM syslogs that are not working, the source is listed as SymantecServer and not the IP address. In turn, our syslog server cannot process the syslog message into an alarm, as the source does not match any of our server names:
|SymantecServer line printer subsystem ERROR site: mysite Server: SERVER01: Virus Found Tue Jan 29 17:32|
Does anyone know where the Source is configured? There must be some difference in the SEPM servers, as some are listed by IP address whereas others just send messages as a generic SymantecServer. Or maybe there is another reason I am missing?
Any ideas are greatly appreciated.
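
A receiver-side way to keep alarms firing while the source field is inconsistent, as an added example that is not part of the original post and not Symantec code: when the source is the generic `SymantecServer`, the alarm key is taken from the `Server:` field in the message body, and only if that name is in the inventory. The field layout is inferred from the two lines quoted above; `resolve_host`, `INVENTORY` and the address-to-name mapping are hypothetical.

```python
import re

# Source values sent in place of an address (the value seen in the post).
GENERIC_SOURCES = {"SymantecServer"}

# Layout assumed from the two quoted lines:
#   <source> <facility text> <SEVERITY> site: <site> Server: <name>: <event>
LINE_RE = re.compile(
    r"^\|?(?P<source>\S+)\s+(?P<facility>.+?)\s+(?P<severity>[A-Z]+)\s+"
    r"site:\s*(?P<site>[^\s,]+),?\s+Server:\s*(?P<server>[^:,\s]+)[:,]\s*"
    r"(?P<event>.*?)\|?$"
)

def resolve_host(line, inventory):
    """Map a SEPM syslog line to an inventory host.

    inventory maps source address -> server name. Returns None when the
    line does not parse, otherwise a dict with host, matched_on and event.
    """
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    source, server = m["source"], m["server"]
    if source not in GENERIC_SOURCES and source in inventory:
        host, matched_on = inventory[source], "source"
    elif server in inventory.values():
        # Fall back to the body field, but only for names we already know.
        host, matched_on = server, "server-field"
    else:
        # Keep the event visible instead of dropping it silently.
        host, matched_on = None, "unmatched"
    return {"host": host, "matched_on": matched_on, "event": m["event"]}

# Constructed inventory; the two sample lines are the ones quoted in the post.
INVENTORY = {"192.168.0.22": "SERVER01"}
SAMPLES = [
    "|192.168.0.22 line printer subsystem ERROR site: mysite Server: SERVER01: Virus Found Tue Jan 29 17:32|",
    "|SymantecServer line printer subsystem ERROR site: mysite Server: SERVER01: Virus Found Tue Jan 29 17:32|",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(resolve_host(sample, INVENTORY))
```

Events that come back with `matched_on` set to `unmatched` are worth routing to a catch-all alarm, since a virus notification that matches no server name is otherwise lost.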