Adding Symantec DLP devices
Note: Ensure the Log360 Cloud agent is installed on at least one Windows device in your network. To configure the agent, follow the steps provided here.
- In the Log360 Cloud console, navigate to Settings -> Configuration Settings -> Log source configuration -> Applications -> Security Applications -> Add Security Applications.
- Select the Add-on type as Symantec DLP.
- Expand the list by clicking the "+" icon to add a new device.
- Choose from the drop-down menu to add Configured devices, Workgroup devices, domain devices, etc.
- To add new devices manually, click on Configure Manually and enter the log source.
- Click on Select and Add to add the log source.
- Use the Select Agent dropdown to select the agent device to which the logs will be forwarded.
- The applications will now be added for monitoring.
Configuring the Syslog Service on Symantec DLP devices
- Locate and open the config\Manager.properties file. The file path is as follows:
  - Windows - \SymantecDLP\Protect\config directory
  - Linux - /opt/SymantecDLP/Protect/config directory
- Uncomment the systemevent.syslog.host= line and specify the IP address or host name of the Log360 Cloud agent server, as follows:
  - systemevent.syslog.host=xxx.xx.xx.xxx
- Uncomment the systemevent.syslog.port= line and specify any port that the Log360 Cloud agent server is listening to as the port to accept connections from the Symantec Enforce Server, as follows:
  - systemevent.syslog.port=Any port that the Log360 Cloud agent server is listening to
- After making the above-mentioned changes, save and close the properties file.
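The check below is an added example, not part of the Log360 Cloud or Symantec documentation: it parses the contents of Manager.properties and reports whether the two keys named above are uncommented and hold usable values, which catches the common case where a line was edited but left commented out. The function name and the sample file content are constructed for illustration.

```python
import re

# The two keys this page tells you to uncomment and set.
REQUIRED = ("systemevent.syslog.host", "systemevent.syslog.port")

def check_syslog_settings(text):
    """Return (active_settings, problems) for Manager.properties content."""
    active, commented = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_comment = line[0] in "#!"          # Java properties comment markers
        key, sep, value = line.lstrip("#! \t").partition("=")
        key = key.strip()
        if not sep or key not in REQUIRED:
            continue
        if is_comment:
            commented.add(key)
        else:
            active[key] = value.strip()       # last active assignment wins
    problems = []
    for key in REQUIRED:
        if key not in active:
            state = "still commented out" if key in commented else "missing"
            problems.append(f"{key} is {state}")
        elif not active[key]:
            problems.append(f"{key} has no value")
    port = active.get("systemevent.syslog.port", "")
    if port and not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"systemevent.syslog.port is not a valid port: {port!r}")
    host = active.get("systemevent.syslog.host", "")
    if host and not re.fullmatch(r"[A-Za-z0-9.\-:]+", host):
        problems.append(f"systemevent.syslog.host is not a host name or IP: {host!r}")
    return active, problems

# Constructed sample: host line edited, port line left commented out.
SAMPLE = """\
# Syslog settings
systemevent.syslog.host=192.0.2.10
#systemevent.syslog.port=
"""

if __name__ == "__main__":
    settings, problems = check_syslog_settings(SAMPLE)
    print("active settings:", settings)
    for p in problems:
        print("PROBLEM:", p)
```

To check a real installation, pass the text of the Manager.properties file from the config directory listed above instead of the sample string.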