
LogRhythm Remote Windows Log Collection Integration with Symantec SEPM MS SQL DB

This post describes how to configure the LogRhythm Agent to collect Symantec SEPM logs through the MS SQL DB.


Method 1 - Syslog Forwarding


This is the traditional way to forward logs from SEPM to syslog servers such as ArcSight, Splunk, QRadar, LogRhythm, etc.

Note: SEPM does not support multiple syslog servers. Only one host can be configured.

Procedure

  • Log in to your Symantec Endpoint Protection Manager system.
  • In the left pane, click the Admin icon.
  • In the bottom of the View Servers pane, click Servers.
  • In the View Servers pane, click Local Site.
  • In the Tasks pane, click Configure External Logging.
  • From the General tab, select the Enable Transmission of Logs to a Syslog Server check box.
  • In the Syslog Server field, type the IP address of the syslog server that will receive and parse the logs.
  • In the UDP Destination Port field, type 514.
  • In the Log Facility field, type 6.
  • In the Log Filter tab, under Management Server Logs, select the Audit Logs check box.
  • In the Client Log pane, select the Security Logs check box.
  • In the Client Log pane, select the Risks check box.
  • Click OK.
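Once the steps above are done, the collector side has no direct feedback that SEPM is actually sending. The following Python check is an added example, not code from the original post or from Symantec or LogRhythm: it decodes the RFC 3164 PRI prefix of received syslog lines and confirms the facility matches the value 6 configured in the procedure, so a mismatch (a different sender, or a wrong Log Facility setting) shows up immediately. The UDP port and facility come from the procedure; the sample lines and their message bodies are constructed placeholders, not real SEPM output, and `receive_lines` is an assumed helper for a live run.

```python
import re
import socket

# Values taken from the procedure above: UDP port 514 and Log Facility 6.
EXPECTED_PORT = 514
EXPECTED_FACILITY = 6

# RFC 3164 messages start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line: str):
    """Return (facility, severity) from a syslog line's PRI prefix, or None if absent/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # largest valid PRI: facility 23, severity 7
        return None
    return pri // 8, pri % 8


def classify(line: str, expected_facility: int = EXPECTED_FACILITY) -> str:
    """Classify a received line as 'ok', 'wrong_facility' or 'unparseable'."""
    decoded = decode_pri(line)
    if decoded is None:
        return "unparseable"
    facility, _severity = decoded
    return "ok" if facility == expected_facility else "wrong_facility"


def summarize(lines, expected_facility: int = EXPECTED_FACILITY) -> dict:
    """Count lines per classification. A non-zero 'wrong_facility' count means
    something other than the configured SEPM facility is reaching the collector."""
    counts = {"ok": 0, "wrong_facility": 0, "unparseable": 0}
    for line in lines:
        counts[classify(line, expected_facility)] += 1
    return counts


def receive_lines(port: int = EXPECTED_PORT, max_messages: int = 10, timeout: float = 5.0):
    """Assumed helper for a live check: bind a UDP socket and collect up to
    max_messages datagrams, stopping early on timeout. Binding port 514 needs
    root/Administrator privileges. Not used by the constructed sample run below."""
    lines = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        while len(lines) < max_messages:
            try:
                data, _addr = sock.recvfrom(65535)
            except socket.timeout:
                break
            lines.append(data.decode("utf-8", errors="replace"))
    return lines


# Constructed sample lines (not real SEPM output); the bodies are placeholders.
SAMPLE_LINES = [
    "<54>Jan 01 12:00:00 sepm01 SymantecServer: constructed audit log sample",      # facility 6, severity 6
    "<51>Jan 01 12:00:01 sepm01 SymantecServer: constructed security log sample",   # facility 6, severity 3
    "<14>Jan 01 12:00:02 otherhost app: constructed line from a different sender",  # facility 1
    "garbage without a PRI header",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))  # {'ok': 2, 'wrong_facility': 1, 'unparseable': 1}
```

For a live check, replace `SAMPLE_LINES` with `receive_lines()` on the collector host while SEPM is generating events; every line should classify as `ok` if the facility was set to 6 on the SEPM side.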



Method 2 - ODBC Connection







Configuration Steps















