Help Document

Adding Symantec DLP devices

  • In the Log360 Cloud console, navigate to Settings -> Configuration Settings -> Log source configuration -> Applications -> Security Applications -> Add Security Applications
  • Select Add-on type as Symantec DLP
  • Expand the list by clicking the "+" icon to add a new device.
  • Choose from the drop-down menu to add Configured devices, Workgroup devices, domain devices, etc.
  • To add new devices manually, click on Configure Manually and enter Log Source.
  • Click on Select and Add to add the log source.
  • Use the Select Agent dropdown to select the agent device to which the logs will be forwarded.
  • The applications will now be added for monitoring.

Configuring the Syslog Service on Symantec DLP devices

  1. Locate and open the config\Manager.properties file. The file path is as follows:
    • Windows - \SymantecDLP\Protect\config directory
    • Linux - /opt/SymantecDLP/Protect/config directory
  2. Uncomment the systemevent.syslog.host= line and specify the IP address or host name of the Log360 Cloud Agent server, as follows:
    • systemevent.syslog.host=xxx.xx.xx.xxx
  3. Uncomment the systemevent.syslog.port= line and specify 514 as the port to accept connections from the Symantec Enforce Server as follows:
    • systemevent.syslog.port=514
  4. After making the above-mentioned changes, save and close the properties file.
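
The four steps above as a script for the Linux path, added here as an example and not taken from the Symantec or Log360 Cloud documentation. The function names and the sample address 192.0.2.10 are assumptions, as is the leading `#` comment marker on the disabled lines.

```shell
#!/bin/sh
# Added example. Assumption: disabled keys carry a leading '#' comment marker.

# set_prop FILE KEY VALUE: uncomment or replace KEY, append it if absent.
set_prop() {
    file=$1; key=$2; value=$3; tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)   # drop indent and one comment marker
            if (index(line, k "=") == 1) {
                if (!done) { print k "=" v; done = 1 }   # keep one active entry
                next
            }
            print
        }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps owner and mode
}

# configure_dlp_syslog FILE HOST [PORT]: back up FILE, then set host and port.
configure_dlp_syslog() {
    file=$1; host=$2; port=${3:-514}
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    [ -n "$host" ] || { echo "host is required" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    cp -p "$file" "$file.bak" || return 1
    set_prop "$file" systemevent.syslog.host "$host" &&
    set_prop "$file" systemevent.syslog.port "$port"
}

# active_prop FILE KEY: print the value of the last uncommented KEY line.
active_prop() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# Demo on a constructed sample file (not a real Manager.properties).
demo=$(mktemp)
printf '%s\n' '# syslog settings' '#systemevent.syslog.host=' \
    '#systemevent.syslog.port=' > "$demo"
configure_dlp_syslog "$demo" 192.0.2.10 514
echo "host=$(active_prop "$demo" systemevent.syslog.host)" \
     "port=$(active_prop "$demo" systemevent.syslog.port)"
rm -f "$demo" "$demo.bak"
```

On a real Enforce Server, pass the Manager.properties file under /opt/SymantecDLP/Protect/config and keep the .bak copy until events arrive at the agent.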