search cancel

SEPM external logging delimits fields with the text "null" when sending logs.

book

Article ID: 163828

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection Manager (SEPM) sends logs to an external syslog server that use the text "null" as a delimiter rather than the "," character. This can cause processing of log entries by the syslog server to fail.

Cause

This can be caused by a misconfigured conf.properties file that is missing a configuration for an external log delimiter.

Resolution

This issue can be resolved through the following:

  • Open the conf.properties file in a text editor. This file is located under C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc by default.
  • Add the following line:
scm.extlog.deli=,
  • Save the changes to the file.
  • Restart the Symantec Endpoint Protection Manager service.