

Jul 19 13:50:47 sav-1sepmpr001 SymantecServer: SCNX-5CG1404SBV,Event Description: Web Attack: Malicious Java Payload Upload 9 attack blocked.
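An added example, not part of the original page or of Symantec's documentation: a parser for the sample event above, for checking that what arrives on the RIN is a well-formed SEPM event. It assumes the first comma-separated field names the reporting endpoint and that the remaining fields are "Key: value" pairs; the dictionary key "client" is a hypothetical name chosen here.

```python
import re

# Constructed input: the sample event from this page, as it would appear
# in a UDP/514 payload received on the RIN.
SAMPLE = ("Jul 19 13:50:47 sav-1sepmpr001 SymantecServer: SCNX-5CG1404SBV,"
          "Event Description: Web Attack: Malicious Java Payload Upload 9 "
          "attack blocked.")

# BSD-syslog layout: optional <PRI>, timestamp, sending host, tag, body.
HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<body>.*)$"
)

def parse_sepm_line(line):
    """Return a dict for a SymantecServer event, or None for anything else."""
    m = HEADER.match(line.strip())
    if m is None or m.group("tag") != "SymantecServer":
        return None
    event = {"timestamp": m.group("ts"), "sepm_host": m.group("host"),
             "facility": None, "severity": None}
    if m.group("pri") is not None:
        # PRI = facility * 8 + severity (standard syslog encoding).
        event["facility"], event["severity"] = divmod(int(m.group("pri")), 8)
    fields, last = {}, None
    for i, piece in enumerate(m.group("body").split(",")):
        key, sep, value = piece.partition(": ")
        if sep:
            last = key.strip()
            fields[last] = value.strip()
        elif i == 0:
            # Assumption: the leading bare field is the endpoint's name.
            fields["client"] = piece.strip()
        elif last:
            # A bare piece after a key is a comma inside the previous value.
            fields[last] += "," + piece
    event["fields"] = fields
    desc = fields.get("Event Description", "")
    event["blocked"] = desc.rstrip(".").endswith("blocked")
    return event

if __name__ == "__main__":
    print(parse_sepm_line(SAMPLE))
```

Lines that do not carry the SymantecServer tag return None, so the function can be run over mixed syslog traffic to confirm that SEPM events specifically are reaching the RIN.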

Verify that logs are being received on the RIN using the following command: tcpdump -i eth0 udp port 514 -v -A

Log in to the Remote Ingestion Node (RIN).

Select Audit Logs under Management Server Logs.

Log Facility: Enter the number of the log facility that you want the syslog configuration file to use, or use the default.

Complete the following steps for Log Filter:

Syslog Server: Enter the IP address or domain name of the Remote Ingester Node that you want to receive the log data.

Destination Port: Select the protocol to use, and type the destination port that the Syslog server uses to listen for Syslog messages.

Note: If you use SQL Server and connect multiple management servers to the database, specify only one server as the Master Logging Server.

Check Enable Transmission of Logs to a Syslog Server.

Select the management server to which to send logs from the Master Logging Server list box.

Select how often to send the log data to the file based on preference.

Configuring Symantec Endpoint Protection to Send Syslog Events to the RIN

Click the local site or remote site from which you want to export log data.

When you configure Symantec Endpoint Protection Manager (SEPM) to send log data to the RIN Console, you can use the Symantec Endpoint Protection Access Manager Console to translate raw log data into normalized events for analysis.

Complete the following steps to configure the Symantec Endpoint Protection connection:

Symantec Endpoint Protection Access (SEPM)
