When configuring external logging in the Symantec Endpoint Protection Manager (SEPM) for a Syslog server using a TCP port other than the default port of 1468, the manager will not change the port setting and reverts back to the default TCP port of 1468

book

Article ID: 177558

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

An administrator attempts to configure external logging in SEPM for Syslog server. They want to configure the logging to be sent by TCP 514 and enters this in the SEPM. The administrator clicks Okay and then reopens the GUI and it reflects TCP 1468, even though he sees the traffic on TCP 514 from SEPM to Syslog.

Cause

Though the SEPM does not reflect that the port has changed, the save is successfully stored in the Database. Even though the SEPM will indicate that the port in use is TCP 1468, the syslog server will be forwarded information over port TCP 514. The issue is cosmetic only.

Resolution

This issue has been fixed in Symantec Endpoint Protection 11 Release Update 6a Maintenance Patch 2 (RU6a MP2). For information on how to obtain the latest build of Symantec Endpoint Protection, read TECH 103088: Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x