Integrating Endpoint Detection and Response with syslog servers
Article ID: 174334
Products
Endpoint Detection and Response
Issue/Introduction
You want to integrate Symantec Endpoint Detection and Response (SEDR) with a syslog server.
Resolution
Configure EDR to connect to a syslog server
- Configure EDR to use either a default syslog server or a custom syslog connection for a single device.
  - To configure the syslog server connection for the default appliance, do the following:
    - Do one of the following:
      - In the EDR cloud console, click Environment -> Settings, select an appliance and then click Appliances.
      - In the EDR appliance console, click Settings -> Appliances.
    - Click Edit Default Appliance.
  - To configure a custom syslog server connection for a single device, do the following:
    - Do one of the following:
      - In the EDR cloud console, click Environment -> Settings, select an appliance and then click Appliances.
      - In the EDR appliance console, click Settings -> Appliances.
    - Double-click the device in the Appliances list.
- In the Syslog section, uncheck Use default, if it is checked.
- Click +Add Syslog Server.
- In the Add Syslog Server dialog box, in the Host field, type the IP address of the syslog server.
- In the Protocol field, select the appropriate protocol.
- In the Port field, type the port on the syslog server that accepts syslog messages.
  Syslog usually uses port 514.
- Click Save.
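After saving, it is worth confirming on the syslog host that messages actually arrive from the appliance on the port entered above. The following receiver is an added example, not part of the original article or of the product. It assumes UDP was selected in the Protocol field, and the address 192.0.2.10 is a constructed placeholder for the EDR appliance.

```python
import re
import socket

# Syslog PRI header: "<N>" where N = facility * 8 + severity (RFC 3164 / RFC 5424).
PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram: bytes):
    """Return (facility, severity_name), or None if the data is not syslog-framed."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity]

def check_sender(datagram: bytes, sender_ip: str, expected_ip: str) -> str:
    """Classify one received datagram for the connectivity check."""
    if sender_ip != expected_ip:
        return "unexpected-sender"
    pri = parse_pri(datagram)
    return "not-syslog" if pri is None else "ok facility=%d severity=%s" % pri

def listen_udp(bind_addr: str, port: int, expected_ip: str,
               count: int = 5, timeout: float = 60.0):
    """Receive up to `count` UDP datagrams and return their classifications."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, port))
        s.settimeout(timeout)
        try:
            while len(results) < count:
                data, (ip, _) = s.recvfrom(8192)
                results.append(check_sender(data, ip, expected_ip))
        except socket.timeout:
            pass  # no more traffic within the window; report what was seen
    return results

if __name__ == "__main__":
    # Constructed values: 192.0.2.10 stands in for the EDR appliance address.
    # Use the port typed into the Port field; binding to 514 requires root.
    for line in listen_udp("0.0.0.0", 514, "192.0.2.10"):
        print(line)
```

An empty result after the timeout means nothing reached the listener, which points at the Host, Protocol or Port values or at a firewall between the appliance and the syslog server.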