Message Image

Skip main navigation (Press Enter).

Data Center Security

View Only

Back to discussions

Expand all | Collapse all

Sending Datacenter Security Events to Syslog system

Migration UserJan 14, 2015 06:12 PM

I've got Symantec Datacenter Security v6.0 running on Windows 2012 R2 with a SQL Server 2012 instance. ...

Migration UserJan 15, 2015 11:34 AM

DCS does not push data. You pull the data directly from the database using the built-in read-only scsp_plugin ...

1. Sending Datacenter Security Events to Syslog system

0 Recommend
Migration User
Posted Jan 14, 2015 06:12 PM

Reply Reply Privately
I've got Symantec Datacenter Security v6.0 running on Windows 2012 R2 with a SQL Server 2012 instance. I need to be able to send the events that are generated by DCS to a syslog target. SEP has a way to configure as does DLP. Any suggestions on how to do this with DCS?
2. RE: Sending Datacenter Security Events to Syslog system

0 Recommend
Migration User
Posted Jan 15, 2015 11:34 AM

Reply Reply Privately
DCS does not push data. You pull the data directly from the database using the built-in read-only scsp_plugin SQL account.

Most 3rd party tools like SSIM, Splunk and ArcSight have a database connector.

Use this query for starts:

use SCSPDB
select * from CSPEVENT_VW where EVENT_ID > [the last event ID you pulled at the last poll]

Note that SCSPDB is the default name of the DCS database, you may have changed that.

Copyright 2019. All rights reserved.

Powered by Higher Logic