search cancel

Application and Device Control logs not forwarded to SIEM

book

Article ID: 173142

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You have configured your Symantec Endpoint Protection Manager to forward logs to your Security Information and Event Management (SIEM). You notice that Application and Device Control logs are not being forwarded. Other types of Symantec Endpoint Protection logs are being forwarded as expected.

Cause

Your Symantec Endpoint Protection Manager is not configured to forward Application and Device Control logs.

Resolution

Navigate to your Symantec Endpoint Protection Manager external logging settings (Admin > Local Site > Configure External Logging). Select the "Log Filter" tab. Check that the "Control Log" box is checked and configure the severity for Client Logs that will be forwarded according to your environment.

Attachments