Endpoint Protection

  • 1.  SEP Syslog (or Event log)

    Posted May 24, 2019 10:53 AM

    Hello All,


    I'm using SEP v14.

    And I'm trying to forward SEP Syslogs to our SIEM.

    But I can't find the syslog format. To normalize it in our SIEM, I have to know the syslog format that is coming into the SIEM.

    After normalizing, we can monitor it with this.

    Also, I'm trying to get the Windows Event IDs to monitor AV from SEP.

    So, my questions are:

    1. Where can I get the syslog format?

    2. Where can I get the Windows Event IDs for AV monitoring?

    Thank you in advance for any assistance.



  • 2.  RE: SEP Syslog (or Event log)

    Posted May 24, 2019 10:58 AM

    The format is what is required by your SIEM. You may need to go through your documentation to find out what it wants to use. SEPM should support multiple formats.



  • 3.  RE: SEP Syslog (or Event log)

    Posted Jun 03, 2019 08:35 AM

    Hi Brian,

    What is the event format in which SEPM forwards data to an external syslog server? I am looking for the same. Please let us know if you have an event reference guide or any other document that explains the event format.



  • 4.  RE: SEP Syslog (or Event log)

    Posted Jun 26, 2019 01:57 AM

    Hi Amol,

    There are 16 different log types in total (including both server and client logs). Please refer to the link below.

    https://support.symantec.com/us/en/article.tech171741.html
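
A SIEM normalization pass over SEPM syslog output, as an added example that is not part of this thread and not Symantec's code. The sample lines are constructed, and their layout (a BSD syslog header, a `SymantecServer:` tag, then comma-separated fields that are mostly `Key: Value`) is an assumed approximation of what SEPM 14 forwards; the field names, the list of free-text fields and the list of remediating actions are assumptions to check against the article linked above and against your own forwarded lines. It goes a little beyond the question by handling three of the log types (risk, scan, server admin) in one parser and flagging detections whose action left the file in place, which is the case a SOC rule most needs to catch.

```python
"""Parse SEPM-style syslog lines into a small common schema for a SIEM."""
import json
import re
from datetime import datetime

# Constructed sample lines. The layout and field names are assumptions that
# approximate SEPM 14's syslog export; they are not a reference for any log type.
SAMPLE_LINES = [
    "Jun 26 01:57:03 sepm01 SymantecServer: sepm01,Security risk found,"
    "IP Address: 10.1.2.3,Computer name: WS-0042,Source: Auto-Protect scan,"
    "Risk name: EICAR Test String,Occurrences: 1,"
    "File path: C:\\Users\\alice\\Downloads\\eicar.com,"
    "Description: Test file, not a real threat,"
    "Actual action: Cleaned by deletion,Requested action: Cleaned,"
    "User: alice,Domain: CORP,Group: My Company\\Workstations",
    "Jun 26 02:10:11 sepm01 SymantecServer: sepm01,Scan started on all drives "
    "and all extensions.,Computer name: WS-0042,User: alice,Domain: CORP",
    "Jun 26 02:15:40 sepm01 SymantecServer: Site: Site HQ,Server: sepm01,"
    "Domain: Default,Admin: admin,Administrator log on succeeded",
    "Jun  6 09:00:00 sepm01 SymantecServer: sepm01,Security risk found,"
    "Computer name: SRV-07,Risk name: Trojan.Gen.2,"
    "File path: D:\\share\\invoice.exe,Actual action: Left alone,"
    "Requested action: Quarantined",
]

# BSD syslog header (day may be space-padded), host, then the SEPM tag.
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) SymantecServer: (?P<body>.*)$"
)
KV_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z0-9 ]*): (?P<val>.*)$")

# Fields whose values may themselves contain commas (assumption; extend per site).
FREE_TEXT_KEYS = {"Description", "Event Description", "File path", "Risk name"}
# Actions after which the file is no longer in place (assumption; tune to SEP's list).
REMEDIATED_ACTIONS = {"Cleaned", "Cleaned by deletion", "Quarantined", "Deleted"}


def parse_sepm_line(line, year=2019):
    """Split one line into timestamp, host, positional text and Key/Value fields.

    Returns None for a line that does not carry the SEPM header, so the caller
    can count or dump it instead of silently losing it.
    """
    m = HEADER_RE.match(line)
    if not m:
        return None
    # BSD syslog carries no year; the caller supplies it (assumed 2019 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    fields, positional, cur = {}, [], None
    for tok in m["body"].split(","):
        kv = KV_RE.match(tok)
        if kv:
            cur = kv["key"]
            fields[cur] = kv["val"]
        elif cur in FREE_TEXT_KEYS:
            fields[cur] += "," + tok  # the comma was part of the previous value
        else:
            cur = None  # a bare token: positional text such as the event name
            positional.append(tok)
    return {"timestamp": ts, "host": m["host"], "text": positional, "fields": fields}


def normalize(rec):
    """Map a parsed record onto the common keys a SIEM rule can match on."""
    f = rec["fields"]
    ev = {
        "@timestamp": rec["timestamp"].isoformat(),
        "sepm_host": rec["host"],
        "computer": f.get("Computer name") or f.get("Server"),
        "user": f.get("User") or f.get("Admin"),
        # Positional text minus the repeated server name is the event message.
        "message": "; ".join(t for t in rec["text"] if t != rec["host"]),
    }
    if "Risk name" in f:
        action = f.get("Actual action", "")
        ev.update(
            log_type="risk",
            risk_name=f["Risk name"],
            file_path=f.get("File path"),
            action=action,
            # A detection that was not remediated is what the SOC must see.
            needs_attention=action not in REMEDIATED_ACTIONS,
        )
    elif "Admin" in f:
        ev["log_type"] = "admin"
    elif any(t.startswith("Scan ") for t in rec["text"]):
        ev["log_type"] = "scan"
    else:
        ev["log_type"] = "other"
    return ev


def process(lines, year=2019):
    """Normalize every parseable line; return rejects separately, not dropped."""
    events, rejects = [], []
    for line in lines:
        rec = parse_sepm_line(line, year)
        if rec is None:
            rejects.append(line)
        else:
            events.append(normalize(rec))
    return events, rejects


if __name__ == "__main__":
    parsed, bad = process(SAMPLE_LINES)
    print(json.dumps(parsed, indent=2))
    print(f"{len(bad)} unparsed line(s)")
```

Run it against a capture of your own forwarded lines before trusting the field names: anything that lands in `rejects` or under `log_type: other` is a layout the assumptions above do not cover, and the `FREE_TEXT_KEYS` set is the first thing to adjust when a value with an embedded comma is split in two.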