I am trying to integrate SEP version 12 with LEM. I followed the steps but had no luck receiving logs. The only documentation that I found was for SEP v11.

I think I know why but am not 100% sure; I need some clarification on one of the steps.

For step 5 for configuring SEP it states "Enter 22 in the Log Facility field. Note: The Log Facility value in SEP is equal to the local facility on your LEM appliance plus 16, so the default local facility of local6 in the SEP tool for the LEM Manager equates to Log Facility 22 in SEP."

Then when you are configuring the LEM device it states in step 6 "If you entered a Log Facility value other than 22 in SEP, verify the Log File value in your LEM tool matches the Log Facility defined in Step 5 above."

In addition, I don't know if I have to configure the log path in the LEM appliance under SEP; if so, where is the default path for SEP logs, since SEP saves logs in multiple locations.

Syslog Servers have a number of Syslog Message Facilities and each facility has a name and number associated with it (as indicated from the list below). Most products allow you to specify the facility by name i.e. However, there are a number of products, such as Symantec Endpoint Protection, that use the number associated with the facility instead of the name.

5 messages generated internally by syslogd

So if you use the list below as a guide and configured SEP with 22 for the logging facility you will want to configure the Symantec Endpoint Protection connector within LEM with the /var/log/local6.log Log File path.

And to answer the second part of your question, no, you will not need to configure multiple Symantec Endpoint Protection connectors, as the single connector configured to read from /var/log/local6.log will read the logs checked in Step 7 of the "To configure Symantec Endpoint Protection to log to your LEM appliance" section of our KB article.

Hopefully this helps clarify things and doesn't cause additional confusion.