
    Symantec Endpoint Protection

    The Symantec Endpoint Protection DSM for JSA accepts events by using syslog.

    JSA records all Audit and Security log events. Before you configure a Symantec Endpoint Protection device in JSA, you must configure your device to forward syslog events.

    1. Log in to the Symantec Endpoint Protection Manager.
    2. On the left pane, click the Admin icon.

      The View Servers option is displayed.

    3. From the bottom of the View Servers pane, click Servers.
    4. From the View Servers pane, click Local Site.
    5. From the Tasks pane, click Configure External Logging.
    6. On the General tab, select the Enable Transmission of Logs to a Syslog Server check box.
    7. In the Syslog Server field, type the IP address of the JSA host that you want to parse the logs.
    8. In the UDP Destination Port field, type 514.
    9. In the Log Facility field, type 6.
    10. On the Log Filter tab:
      1. Under the Management Server Logs, select the Audit Logs check box.

    11. Under the Client Log pane, select the Security Logs check box.
    12. Under the Client Log pane, select the Risks check box.
    13. Click OK.
    14. You can now configure the log source in JSA.

      To configure JSA to receive events from a Symantec Endpoint Protection device:

      1. From the Log Source Type list, select the Symantec Endpoint Protection option.
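
To confirm that forwarded events match the settings in steps 8 and 9 (UDP port 514, log facility 6), the following added example, which is not part of the original guide, decodes the syslog PRI value of each datagram and checks the facility. It assumes a test receiver whose address is temporarily entered in the Syslog Server field; the sample datagram is constructed and does not reproduce a real Symantec Endpoint Protection record.

```python
import re
import socket
import sys

EXPECTED_FACILITY = 6   # value typed in the Log Facility field (step 9)
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample datagram; the text after the PRI is illustrative only,
# not a real Symantec Endpoint Protection record.
SAMPLE = b"<54>Sep 22 10:15:00 sepm01 SymantecServer: constructed audit event"


def parse_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if absent."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23 * 8 + 7 is the largest valid PRI
        return None
    return divmod(pri, 8)    # PRI = facility * 8 + severity


def check(datagram, expected=EXPECTED_FACILITY):
    """Classify one datagram: 'ok', 'wrong-facility' or 'no-pri'."""
    parsed = parse_pri(datagram)
    if parsed is None:
        return "no-pri"
    return "ok" if parsed[0] == expected else "wrong-facility"


def listen(bind_addr="0.0.0.0", port=514, count=5):
    """Print a verdict for the first `count` datagrams received on UDP `port`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))      # ports below 1024 need root
        for _ in range(count):
            data, (src, _sport) = sock.recvfrom(65535)
            print(src, check(data), data[:80].decode("utf-8", "replace"))


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "listen":
        listen()             # live check against forwarded events
    else:
        print(check(SAMPLE), parse_pri(SAMPLE))
```

Run with the `listen` argument to check live traffic; a `wrong-facility` verdict means the Log Facility field does not hold the expected value, and no output at all points to the Syslog Server address, the port, or a firewall between the manager and the receiver.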

    Modified: 2016-09-22