Symantec Endpoint Solutions
EventLog Analyzer collects log data from Symantec Endpoint Solutions and presents it in the form of graphical reports. For EventLog Analyzer to start collecting this log data, the Symantec Endpoint Solutions device has to be added as a threat source.
Adding a Symantec Endpoint Solutions device as a threat source:
To add a Symantec Endpoint Solutions device as a threat source, the syslog service has to be configured on the Symantec side first, and the device then added in the EventLog Analyzer console.
- Login to the Symantec Endpoint Protection device as an administrator.
- Navigate to Admin > Servers. Select the local site or remote site from which log data must be exported.
- Click Configure External Logging.
- In the General tab, from the Update Frequency list, choose how often log data should be sent to the file.
- In the Master Logging Server list, select the management server to which the logs should be sent.
- Check the Enable Transmission of Logs to a Syslog Server option.
- Enter the following details in the given fields.
- Syslog Server - Enter the EventLog Analyzer IP address or domain name.
- Destination Port - Select the protocol to use and enter the destination port that the Syslog server should use to listen for Syslog messages.
- Log Facility - Enter the number of the log facility that you want the Syslog configuration file to use. Valid values range from 0 to 23. Alternatively, you could use the default values.
- Click on OK.
- In the EventLog Analyzer console, navigate to Settings > Log Source Configurations > Applications > Security Applications > Add Security Applications.
- Select the Add-on type as Symantec.
- Expand the list by clicking the "+" icon to add a new device.
- Choose from the drop-down menu whether to add Configured devices, Workgroup devices, Domain devices, etc.
- To add new devices manually, click Configure Manually, enter the log source under Log Source, select it, and click Add.
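Before pointing a production SEPM at the collector it is worth confirming what actually arrives on the port and facility chosen above, and seeing how the comma-separated Symantec fields map onto the report fields below. The following Python script is an added example, not code from this page, from EventLog Analyzer or from Symantec. It assumes (this is not confirmed by the page) that the Symantec Endpoint Protection Manager emits RFC 3164 style messages of the form `<PRI>Mon DD HH:MM:SS host SymantecServer: body`, where the body is a comma-separated list whose items are mostly `Key: Value` pairs and the event name ("Security risk found") is free text; the sample lines and the names `parse_sep_message`, `check_facility`, `top_affected_devices` and `loopback_check` are constructed for the example.

```python
"""Decode Symantec Endpoint Protection syslog lines the way a collector such as
EventLog Analyzer must before it can build its reports.

Added example, not code from the original page, EventLog Analyzer or Symantec.
Assumptions (not confirmed by the page): SEPM emits RFC 3164 style messages,
"<PRI>Mon DD HH:MM:SS host SymantecServer: body", and the body is a
comma-separated list in which most items have the shape "Key: Value" while the
event name (for example "Security risk found") is free text.  Sample lines are
constructed for this example.
"""
import re
import socket
from collections import Counter

# Syslog header: PRI, BSD timestamp, host, tag, then the Symantec body.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<body>.*)$"
)


def decode_pri(pri):
    """Split the PRI value into (facility, severity).  Facility must be 0..23,
    the same range the Log Facility setting in Configure External Logging accepts."""
    facility, severity = divmod(int(pri), 8)
    if not 0 <= facility <= 23:
        raise ValueError(f"facility {facility} out of range 0..23")
    return facility, severity


def parse_sep_message(line):
    """Return facility, severity, host, timestamp, event name and the
    'Key: Value' fields of one forwarded SEP message."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a syslog line: {line[:40]!r}")
    facility, severity = decode_pri(m["pri"])
    fields, free_text = {}, []
    for item in m["body"].split(","):
        key, sep, value = item.partition(": ")
        # "C:\Temp\x.exe" contains ':' but not ': ', so file paths stay intact.
        if sep and key.strip():
            fields[key.strip()] = value.strip()
        else:
            free_text.append(item.strip())
    return {
        "facility": facility,
        "severity": severity,
        "host": m["host"],
        "timestamp": m["ts"],
        "event": " ".join(t for t in free_text if t),
        "fields": fields,
    }


def check_facility(line, configured_facility):
    """True when the facility that arrived is the one configured in SEPM; a
    mismatch usually means another device or a relay rewrote the PRI."""
    return parse_sep_message(line)["facility"] == configured_facility


def top_affected_devices(lines):
    """Approximate the 'top affected devices' report: events per 'Computer name'."""
    return Counter(
        parse_sep_message(ln)["fields"].get("Computer name", "<unknown>") for ln in lines
    )


# Constructed sample lines: facility 20 (local4), severity 6 -> PRI 20*8+6 = 166.
SAMPLE_LINES = [
    "<166>Jan 14 11:42:09 SEPM01 SymantecServer: site: Site1,server: SEPM01,domain: Default,"
    "Security risk found,Computer name: WS042,IP Address: 10.0.0.42,Source: Auto-Protect scan,"
    "Risk name: EICAR Test String,Occurrences: 1,File path: C:\\Temp\\eicar.com,"
    "Actual action: Quarantined,Requested action: Cleaned by deletion,User: jdoe",
    "<166>Jan 14 11:43:30 SEPM01 SymantecServer: site: Site1,server: SEPM01,domain: Default,"
    "Computer name: WS042,Event Description: Port Scan attack is logged,Local Host IP: 10.0.0.42,"
    "Remote Host IP: 10.0.0.99,Remote Host Name: ,Severity: Major",
]


def loopback_check(port=5514, facility=20):
    """Bind the collector port on 127.0.0.1, send one constructed message to it
    and return the parsed result.  Run on the EventLog Analyzer host before
    pointing SEPM at it, to confirm the port is reachable and the facility
    survives the trip.  A high port is used because 514 needs root."""
    msg = f"<{facility * 8 + 6}>Jan 14 11:42:09 SEPM01 SymantecServer: site: Site1,Loopback test"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", port))
        rx.settimeout(2.0)
        tx.sendto(msg.encode(), ("127.0.0.1", port))
        data, _ = rx.recvfrom(65535)
    return parse_sep_message(data.decode())


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        r = parse_sep_message(sample)
        print(r["host"], r["facility"], r["event"] or r["fields"].get("Event Description"),
              r["fields"].get("Computer name"))
    print(top_affected_devices(SAMPLE_LINES))
    print("facility matches configured value:", check_facility(SAMPLE_LINES[0], 20))
```

`loopback_check` uses UDP because that is the common default for BSD syslog; if TCP was selected as the protocol in SEPM, the listener side must use a stream socket instead, and a TCP collector will also need to split messages on newlines. If a real SEPM line fails to match `HEADER_RE`, compare its header against the assumed layout first; the field parser is independent of the header and can be reused.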
Once the threat source is added, EventLog Analyzer will start parsing the fields in the logs. This log data can now be viewed in the form of reports.
The reports provide information on:
- Security risks
- Viruses detected
- Port scans
- Installation of commercial applications
- Threat activities
- HIPS activities
EventLog Analyzer also provides reports on the top:
- Affected devices
- Source devices
- Risks
- Problems