Endpoint Protection

Hi There,

I'm using SEPM 12.1.6, we did update recently, and found "insufficient disk space" logs are not being forwarded to Syslog server from which we are able to fetch the clients which are running on low disk space(because of which SEP clients can't perform updates or scans), and i verified all the log forwarding settings which seems normal. Only "insufficient disk space" logs are not being forwarded, remain all logs are being forwared to Syslog, can anyone please help me how to fix this problem? 

Thanks,

Phani.

Do you have clients sending the Syslog log info to the SEPM? And do you have the Client Activity Log being sent to syslog? This should include all events, fatal to info.

Do you see the same logs in the SEPM ? if yes then goto to admin tab and select server tab. select the site name and select configure external logging. have all the severity of logs (Fatal to info) from the Client Activity Log being sent to syslog.

Yes Brian, client are sending logs to SEPM, and we are able to see those logs in SEPM console also, but the we are not getting those logs in Syslog, only a portion of logs seems missing, I did verify the "Log Filter", and found no checkbox left unchecked. 

Thanks,

Phani.

Hi Praveen, I've verified the Log fileter setting, and found no check box left unchecked.

Thanks,

Phani.

Then I belive there is nothing else is left for us to look in SEPM. I guess your Syslog server is doing some smart filtering please check with the cocerned team.