Syslog Server not sending information & warning events

Article Id: 159571
Status: Published
Updated On: 08-01-2019 07:38
Legacy Id: TECH219046
Products:
Data Loss Prevention Enforce
Issue/Introduction:

The user is not able to get the information and Warning events, the system only sends Severe events via Syslog.

Resolution:

It's working as per design. The user will not be able to get the information and warning events, the system only sends Severe events via Syslog Server. DLP (Data Loss Prevention) is integrated with IT Analytics which provides the same feature of reporting for DLP.

For ITA configuration, please contact the ITA team. Please find the link below for IT Analytics user guide:

http://www.symantec.com/business/support/index?page=content&id=DOC5526&key=56005  

 

Update:

As of DLP 15.0 and later you have the ability to set the log level to include INFO and WARNING along with SEVERE.

For reference:

  • Log level 3 = logs SEVERE messages only (this is default)
  • Log level 4 = Logs SEVERE and WARNING
  • Log level 5 = logs INFO, WARNING, SEVERE

Steps to implement:

  1. Install/Upgrade to DLP 15.0 on your system.
  2. Open manager.properties as indicated above.
  3. Find the following line:  systemevent.syslog.level = x​
  4. Change the value of x to either 3, 4, or 5 (the default value is 3)