

Jun 11 12:24:51 SymantecServer sjdevswinapp05: Site: Site sjdevswinapp05,Server: sjdevswinapp05,Domain: Default,Admin: admin,Administrator log on succeeded

Feb 23 13:08:29 SymantecServer sjdevswinapp05: Virus found,Computer name: Filer,Source: Real Time Scan,Risk name: EICAR Test String,Occurrences: 1,C:/Documents and Settings/Administrator.PROSPECTHILLS/Local Settings/Temp/,"",Actual action: Cleaned by deletion,Requested action: Cleaned,Secondary action: Quarantined,Event time: 21:06:51,Inserted: 21:08:29,End: 21:06:51,Domain: Default,Group: Global\Prospecthills,Server: sjdevswinapp05,User: Administrator,Source computer: ,Source IP: 0.0.0.0

Jun 11 12:24:38 SymantecServer sjdevswinapp05: Site: Site sjdevswinapp05,Server: sjdevswinapp05,Domain: Default,Admin: admin,Administrator log on failed

Symantec Endpoint Protection Configuration

In ADMIN > Device Support > Event, search for "symantec endpoint" in the Device Type and Description columns to see the event types associated with this device.

Syslog

FortiSIEM processes events from this device via syslogs sent by the device.

Configuring Log Transmission to FortiSIEM

1. Log in to Symantec Endpoint Protection Manager.
2. Go to Admin > Configure External Logging > Servers > General.
3. Select Enable Transmission of Logs to a Syslog Server.
4. For Syslog Server, enter the IP address of the FortiSIEM virtual appliance.

Configuring the Types of Logs to Send to FortiSIEM

1. Go to Admin > Configure External Logging > Servers > Log Filter.
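To check that forwarded events arrive in the expected shape, the following added example (not FortiSIEM's or Symantec's own parser) splits the three sample syslog lines at the top of this page into fields and assigns each a coarse event type. The function names and the type labels (`risk_detected`, `admin_logon_failed`, `admin_logon_succeeded`) are assumptions made for this sketch, not FortiSIEM event type names.

```python
import csv
import re

# Sample lines copied from this page.
SAMPLES = [
    "Jun 11 12:24:51 SymantecServer sjdevswinapp05: Site: Site sjdevswinapp05,Server: sjdevswinapp05,Domain: Default,Admin: admin,Administrator log on succeeded",
    r'Feb 23 13:08:29 SymantecServer sjdevswinapp05: Virus found,Computer name: Filer,Source: Real Time Scan,Risk name: EICAR Test String,Occurrences: 1,C:/Documents and Settings/Administrator.PROSPECTHILLS/Local Settings/Temp/,"",Actual action: Cleaned by deletion,Requested action: Cleaned,Secondary action: Quarantined,Event time: 21:06:51,Inserted: 21:08:29,End: 21:06:51,Domain: Default,Group: Global\Prospecthills,Server: sjdevswinapp05,User: Administrator,Source computer: ,Source IP: 0.0.0.0',
    "Jun 11 12:24:38 SymantecServer sjdevswinapp05: Site: Site sjdevswinapp05,Server: sjdevswinapp05,Domain: Default,Admin: admin,Administrator log on failed",
]

# "<Mon DD HH:MM:SS> SymantecServer <manager host>: <comma-separated body>"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"SymantecServer (?P<host>[^\s:]+): (?P<body>.*)$"
)
# "Key: value" cell. The colon must be followed by whitespace or end of cell,
# so a Windows path such as "C:/Documents..." is not mistaken for a key.
FIELD = re.compile(r"^([A-Za-z ]+):(?:\s+|$)(.*)$")

def classify(unlabeled):
    """Map the free-text cells of a message to a hypothetical event type."""
    if "Virus found" in unlabeled:
        return "risk_detected"
    for text in unlabeled:
        if text.endswith("log on failed"):
            return "admin_logon_failed"
        if text.endswith("log on succeeded"):
            return "admin_logon_succeeded"
    return "other"

def parse_sep_syslog(line):
    """Return a dict for a SymantecServer syslog line, or None if it is not one."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    fields, unlabeled = {}, []
    # csv handles the quoted empty cell ("") in the risk event body.
    for cell in next(csv.reader([m["body"]])):
        kv = FIELD.match(cell)
        if kv:
            fields[kv.group(1).strip()] = kv.group(2).strip()
        elif cell.strip():
            unlabeled.append(cell.strip())
    return {"timestamp": m["ts"], "manager": m["host"], "type": classify(unlabeled),
            "fields": fields, "unlabeled": unlabeled}

if __name__ == "__main__":
    for sample in SAMPLES:
        event = parse_sep_syslog(sample)
        print(event["timestamp"], event["type"], event["fields"].get("Risk name", ""))
```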
