Adding Symantec Endpoint Protection devices
Note: Ensure the Log360 Cloud agent is installed on at least one Windows device in your network. To configure the agent, follow the steps provided here.
- In the Log360 Cloud console, navigate to Settings -> Configuration Settings -> Log source configuration -> Applications -> Security Applications -> Add Security Applications
- Select Symantec Endpoint Protection as the Add-on type.
- Expand the list by clicking the "+" icon to add a new device.
- Choose from the drop-down menu to add Configured devices, Workgroup devices, domain devices, etc.
- To add new devices manually, click on Configure Manually and enter Log Source.
- Click on Select and Add to add the log source.
- Use the Select Agent dropdown to choose the agent device to which the logs will be forwarded.
- The applications will now be added for monitoring.
Configuring the Syslog Service on Symantec Endpoint Protection devices
- Log in to the Symantec Endpoint Protection device as an administrator.
- Navigate to Admin > Servers. Select the local site or remote site from which log data must be exported.
- Click Configure External Logging.
- In the General tab, from the Update Frequency list, choose how often log data should be sent to the file.
- In the Master Logging Server list, select the management server to which the logs should be sent.
- Check the Enable Transmission of Logs to a Syslog Server option.
- Enter the following details in the given fields:
  - Syslog Server - Enter the IP address or host name of the Log360 Cloud Agent server.
  - Destination Port - Select the protocol to use and enter the destination port that the Log360 Cloud agent server is listening on.
  - Log Facility - Enter the number of the log facility that you want the Syslog configuration file to use. Valid values range from 0 to 23. Alternatively, you could use the default.
- Click OK.
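
To confirm that the Log Facility chosen above is what actually arrives at the Log360 Cloud agent server, decode the syslog priority header of the received lines (PRI = facility x 8 + severity). The Python check below is an added example, not part of the Log360 Cloud or Symantec documentation; the facility value 6, the host names and the sample lines are constructed assumptions.

```python
import re

# Syslog PRI header: "<N>" at the start of the line, N = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")
MAX_PRI = 23 * 8 + 7  # facility 0-23, severity 0-7

def decode_pri(message):
    """Return (facility, severity), or None if the PRI is missing or out of range."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > MAX_PRI:
        return None
    return divmod(pri, 8)

def check_facility(messages, expected_facility):
    """Sort received lines by whether they carry the configured Log Facility."""
    if not 0 <= expected_facility <= 23:
        raise ValueError("Log Facility must be between 0 and 23")
    result = {"matched": [], "mismatched": [], "malformed": []}
    for msg in messages:
        decoded = decode_pri(msg)
        if decoded is None:
            result["malformed"].append(msg)       # no usable PRI: wrong protocol or truncated data
        elif decoded[0] == expected_facility:
            result["matched"].append(msg)
        else:
            result["mismatched"].append(msg)      # another sender, or a different facility was saved
    return result

# Constructed sample lines (not real product output); message bodies are placeholders.
SAMPLES = [
    "<54>Jan 12 10:15:02 sepm01 sample: constructed event",     # 54 = 6*8 + 6
    "<14>Jan 12 10:15:03 otherhost sample: constructed event",  # 14 = 1*8 + 6
    "Jan 12 10:15:04 sepm01 sample: constructed line without PRI",
    "<999>Jan 12 10:15:05 sepm01 sample: constructed out-of-range PRI",
]

if __name__ == "__main__":
    report = check_facility(SAMPLES, expected_facility=6)  # 6 is an assumed setting
    for bucket, lines in report.items():
        print(f"{bucket}: {len(lines)}")
```

Lines that land in "mismatched" or "malformed" indicate that the facility, protocol or sender seen by the agent differs from what was entered in Configure External Logging.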