Syslog Server not sending information & warning events

Article ID: 159571

Products

Data Loss Prevention Enforce

Issue/Introduction

The user does not receive Information and Warning events; the system sends only Severe events via Syslog.

Resolution

This is working as designed. Information and Warning events are not available through the Syslog server; the system sends only Severe events. DLP (Data Loss Prevention) is integrated with IT Analytics, which provides the same reporting feature for DLP.

For ITA configuration, contact the ITA team. The IT Analytics user guide is available at the link below:

http://www.symantec.com/business/support/index?page=content&id=DOC5526&key=56005  

 

Update:

In DLP 15.0 and later, you can set the log level to include INFO and WARNING along with SEVERE.

For reference:

  • Log level 3 = logs SEVERE messages only (this is the default)
  • Log level 4 = logs SEVERE and WARNING
  • Log level 5 = logs INFO, WARNING, SEVERE

Steps to implement:

  1. Install/Upgrade to DLP 15.0 on your system.
  2. Open manager.properties as indicated above.
  3. Find the following line: systemevent.syslog.level = x
  4. Change the value of x to either 3, 4, or 5 (the default value is 3)
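
One way to script steps 2 to 4 with value validation and a backup copy, as an added example that is not part of the original article or the product's own tooling. The path to manager.properties is passed as an argument (no install location is assumed), the function names are hypothetical, and the file is assumed to use the "key = value" form shown in step 3.

```shell
#!/bin/sh
# Added example: inspect and change systemevent.syslog.level safely.
# Function names are hypothetical; the file path comes from the caller.

# Print the value set by the last active (uncommented) line; return 1 if none.
get_syslog_level() {
    value=$(sed -n 's/^[[:space:]]*systemevent\.syslog\.level[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Map a level to the severities forwarded to syslog (per the list above).
forwarded_severities() {
    case $1 in
        3) echo "SEVERE" ;;
        4) echo "SEVERE, WARNING" ;;
        5) echo "INFO, WARNING, SEVERE" ;;
        *) echo "unrecognised level: $1" >&2; return 1 ;;
    esac
}

# Set the level to 3, 4 or 5. Refuses other values, refuses to act when the
# line is absent, and keeps the previous file as FILE.bak.
set_syslog_level() {
    file=$1
    level=$2
    case $level in
        3|4|5) ;;
        *) echo "level must be 3, 4 or 5" >&2; return 2 ;;
    esac
    get_syslog_level "$file" >/dev/null || {
        echo "systemevent.syslog.level not found in $file" >&2
        return 1
    }
    cp -p "$file" "$file.bak" || return 1
    # Rewrite everything after '=' so stray characters pasted with the
    # value (for example invisible whitespace) do not survive the edit.
    sed "s/^\([[:space:]]*systemevent\.syslog\.level[[:space:]]*=[[:space:]]*\).*$/\1$level/" "$file.bak" > "$file"
}

# Usage: script.sh /path/to/manager.properties 5
if [ "$#" -eq 2 ]; then
    set_syslog_level "$1" "$2" && forwarded_severities "$(get_syslog_level "$1")"
fi
```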