Integrating Endpoint Detection and Response with syslog servers

Article ID: 174334

Products

Endpoint Detection and Response

Issue/Introduction

This article describes how to integrate Symantec Endpoint Detection and Response (SEDR) with a syslog server so that appliance events are forwarded to it.

Resolution

Configure EDR to connect to a syslog server

  1. Decide whether to set the syslog connection on the default appliance (inherited by every appliance that uses the default settings) or as a custom connection for a single appliance.
    1. To configure the syslog server connection for the default appliance:
      1. Do one of the following:
        • In the EDR cloud console, click Environment -> Settings, select an appliance, and then click Appliances.
        • In the EDR appliance console, click Settings -> Appliances.
      2. Click Edit Default Appliance.
    2. To configure a custom syslog server connection for a single appliance:
      1. Do one of the following:
        • In the EDR cloud console, click Environment -> Settings, select an appliance, and then click Appliances.
        • In the EDR appliance console, click Settings -> Appliances.
      2. Double-click the appliance in the Appliances list.
      3. In the Syslog section, uncheck Use default if it is checked.
  2. Click +Add Syslog Server.
  3. In the Add Syslog Server dialog box, in the Host field, type the IP address of the syslog server.
  4. In the Protocol field, select the protocol the syslog server is configured to accept. It must match the receiver's listener; a UDP listener will silently drop TCP connections and vice versa.
  5. In the Port field, type the port on which the syslog server accepts syslog messages.
    Syslog traditionally uses port 514 (UDP, and commonly TCP as well); syslog over TLS uses port 6514 (RFC 5425). Use the port your collector is actually listening on, and confirm that any firewall between the appliance and the server allows it. Plain UDP or TCP syslog is sent in cleartext, so use TLS if both the Protocol list and your collector support it, or carry the traffic over a trusted management network.
  6. Click Save.
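The steps above only tell the appliance where to send events; they do not confirm that anything arrives. The following is an added example, not code from this article or from Symantec, of a minimal syslog receiver you can run on the host you entered in step 3 to check that the Host, Protocol and Port values are right and that events parse. It decodes the PRI field into facility and severity, accepts both RFC 5424 and RFC 3164 (BSD) headers, strips RFC 6587 octet-count framing that some TCP senders prepend, and includes a loopback round trip so it runs offline. The sample lines are constructed for illustration and do not claim to reproduce the exact event format SEDR emits.

```python
"""Minimal syslog receiver for verifying an EDR appliance's syslog connection."""
import re
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Facility and severity names per RFC 5424 section 6.2.1.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$", re.S)
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$", re.S)

# Constructed sample events (illustrative, not real SEDR output).
SAMPLE_5424 = "<134>1 2024-05-01T12:34:56.000Z edr-appliance sedr - - - Detection: suspicious process"
SAMPLE_3164 = "<14>May  1 12:34:56 edr-appliance sedr: test message"


@dataclass
class SyslogEvent:
    rfc: str        # "5424" or "3164"
    facility: str
    severity: str
    timestamp: str
    host: str
    message: str


def parse_syslog(raw: str) -> Optional[SyslogEvent]:
    """Parse one syslog line in either header style; return None if malformed."""
    line = raw.rstrip("\r\n")
    # RFC 6587 octet-counting framing on TCP looks like "123 <pri>..."; drop the length prefix.
    framed = re.match(r"^(\d+) (<.*)$", line, re.S)
    if framed and len(framed.group(2)) == int(framed.group(1)):
        line = framed.group(2)
    for rfc, rx in (("5424", RFC5424_RE), ("3164", RFC3164_RE)):
        m = rx.match(line)
        if m:
            pri = int(m.group("pri"))
            if pri > 191:  # PRI = facility * 8 + severity; max valid is 23 * 8 + 7
                return None
            return SyslogEvent(rfc, FACILITIES[pri >> 3], SEVERITIES[pri & 7],
                               m.group("ts"), m.group("host"), m.group("msg"))
    return None


def listen_udp(bind_addr: str, port: int, max_events: int = 1) -> List[Tuple[str, SyslogEvent]]:
    """Bind the UDP port entered in the EDR console and collect parsed events with sender IP.

    Run this on the syslog host (port 514 normally needs root) and then trigger or wait
    for an appliance event; an empty result after a reasonable wait means the appliance
    cannot reach this host/port or the Protocol field does not say UDP."""
    events: List[Tuple[str, SyslogEvent]] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, port))
        while len(events) < max_events:
            data, peer = s.recvfrom(65535)
            ev = parse_syslog(data.decode("utf-8", errors="replace"))
            if ev is not None:
                events.append((peer[0], ev))
    return events


def roundtrip_udp(message: str) -> Optional[SyslogEvent]:
    """Offline self-check: send one message over loopback UDP and parse what arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))  # port 0 = ephemeral; a real collector binds the step-5 port
        rx.settimeout(2)
        tx.sendto(message.encode(), rx.getsockname())
        data, _ = rx.recvfrom(65535)
    return parse_syslog(data.decode("utf-8", errors="replace"))


if __name__ == "__main__":
    for sample in (SAMPLE_5424, SAMPLE_3164):
        print(parse_syslog(sample))
    print(roundtrip_udp(SAMPLE_5424))
```

To use it against a real appliance, call `listen_udp("0.0.0.0", 514)` on the syslog host with the same port you typed in step 5 and watch for the appliance's IP in the returned tuples; if the collector is a full syslog daemon such as rsyslog, stop that daemon first so the port is free, or bind a spare port temporarily and point the appliance at it for the test.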

For more information, please refer to: About syslog server connections