Endpoint Protection

  • 1.  How to configure external logging for SSIM in Symantec Endpoint Protection?

    Broadcom Employee
    Posted Oct 06, 2009 08:27 PM
    Hi everyone...

    How to configure external logging for SSIM in Symantec Endpoint Protection?

    Thanks in advance...



  • 2.  RE: How to configure external logging for SSIM in Symantec Endpoint Protection?

    Broadcom Employee
    Posted Oct 06, 2009 08:56 PM
    Best I can find is in the SSIM forum, hope that helps. https://www-secure.symantec.com/connect/forums/help-how-can-i-collector-sep11-events


  • 3.  RE: How to configure external logging for SSIM in Symantec Endpoint Protection?

    Broadcom Employee
    Posted Oct 06, 2009 10:52 PM
    Hi,

    To configure external logging, you need to go to Admin -> Servers -> Local Site -> Configure External Logging.


    And I think the SSIM is able to accept the logs in syslog format. So if you provide the address of SSIM with the relevant information, it should be able to forward the logs.

    Best,
    Aniket


  • 4.  RE: How to configure external logging for SSIM in Symantec Endpoint Protection?

    Posted Jan 31, 2010 08:31 AM
    Hi Aniket, do you have any idea which facility level should be used?


  • 5.  RE: How to configure external logging for SSIM in Symantec Endpoint Protection?

    Broadcom Employee
    Posted Jan 31, 2010 09:43 AM
    Using Syslog forwarding will work, but it is not the best way, as the problem with any syslog (TCP/UDP) is that if the target is down, messages can be lost (also, using syslog the mapping won't be good, as it won't be correlating events with Deepsight GIN data).


    SSIM has a special Symantec EndPoint Collector 4.3. This collector goes directly into the DB to collect information (it supports SQL or Sybase).

    If you are using SSIM 4.6 or 4.7, this collector is already pre-installed onboard.


  • 6.  RE: How to configure external logging for SSIM in Symantec Endpoint Protection?
    Best Answer

    Broadcom Employee
    Posted Mar 16, 2010 06:42 PM
    Laurent_C that is correct.

    I completed the configuration of SSIM to take information from SEPM with SQL server 2005 and the procedure was as follows:

    Install the SSIM agent on the SEP server.
    Install the collector on the SEP SEP server.
    Install the collector on the SEP State SEP server.
    Install from SSIM client on the SEPM server
    Configure the sensor on SSIM appliance.

    To download the collectors, you must do so from: https://fileconnect.symantec.com/

    The driver for SQL server must be downloaded from: http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009041008073654

    Thanks for the replies,

    Regards,