Hi,
I fail to understand why the IP address is included in the E-mail alerts but is
not included with the information sent to our syslog server?
Syslog entry:
Sep 16 09:17:46 endpoint.foobar SymantecServer endpoint.foobar: Virus found,Computer name: 226-2,Source: Real Time Scan,Risk name: Trojan.Dropper,Occurrences: 1,C:/Documents and Settings/testuser/Local Settings/Temporary Internet Files/Content.IE5/SO66RYKA/greeting[1].exe,"",Actual action: Cleaned by deletion,Requested action: Cleaned,Secondary action: Quarantined,Event time: 2009-09-16 13:14:35,Inserted: 2009-09-16 13:17:34,End: 2009-09-16 13:10:42,Domain: Default,Group: My Company\MyGroup,Server: endpoint.foobar,User: testuser,Source computer: ,Source IP: 0.0.0.0
Email Alert:
Risk name: Trojan.Dropper
Event time: 2009-09-16 13:14:35 GMT
Database insert time: 2009-09-16 13:17:34 GMT
User: testuser
Computer: 226-2
IP Address: 130.xx.xx.xx
Domain: Default
Server: endpoint.foobar
Client Group: My Company\MyGroup
Action taken on risk: Cleaned by deletion
Thanks everyone.
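
The syslog format shown in the post, parsed as an added example (not part of the original post and not Symantec code): it splits the line into labelled fields and reports whether Source IP holds a usable address, so a collector can flag events that arrive with 0.0.0.0 or an empty value. The function names are hypothetical and the sample is the line quoted above.

```python
import csv
import ipaddress
import re

# Constructed sample: the syslog line quoted in the post above.
SAMPLE = r'Sep 16 09:17:46 endpoint.foobar SymantecServer endpoint.foobar: Virus found,Computer name: 226-2,Source: Real Time Scan,Risk name: Trojan.Dropper,Occurrences: 1,C:/Documents and Settings/testuser/Local Settings/Temporary Internet Files/Content.IE5/SO66RYKA/greeting[1].exe,"",Actual action: Cleaned by deletion,Requested action: Cleaned,Secondary action: Quarantined,Event time: 2009-09-16 13:14:35,Inserted: 2009-09-16 13:17:34,End: 2009-09-16 13:10:42,Domain: Default,Group: My Company\MyGroup,Server: endpoint.foobar,User: testuser,Source computer: ,Source IP: 0.0.0.0'

HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) SymantecServer (?P<server>\S+): (?P<msg>.*)$"
)
# "Key: value" or "Key:" with letters and spaces only in the key, so a
# path such as "C:/..." is not mistaken for a labelled field.
FIELD = re.compile(r"(?P<key>[A-Za-z][A-Za-z ]*):(?: (?P<value>.*))?")


def parse_sep_syslog(line):
    """Split one SymantecServer risk line into labelled and unlabelled fields."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a SymantecServer syslog line")
    event = {"syslog_time": m["ts"], "syslog_host": m["host"], "unlabelled": []}
    # csv handles the quoted empty field (""); a path containing a comma
    # would still be split, which this parser does not try to repair.
    for field in next(csv.reader([m["msg"]])):
        fm = FIELD.fullmatch(field)
        if fm:
            event[fm["key"]] = fm["value"] or ""
        elif field:
            event["unlabelled"].append(field)
    return event


def usable_ip(event, key="Source IP"):
    """Return the address in `key`, or None if it is empty, invalid or 0.0.0.0."""
    try:
        ip = ipaddress.ip_address(event.get(key, ""))
    except ValueError:
        return None
    return None if ip.is_unspecified else str(ip)


if __name__ == "__main__":
    ev = parse_sep_syslog(SAMPLE)
    print(ev["Computer name"], ev["Risk name"], usable_ip(ev))
```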