An administrator attempts to configure external logging in SEPM for Syslog server. They want to configure the logging to be sent by TCP 514 and enters this in the SEPM. The administrator clicks Okay and then reopens the GUI and it reflects TCP 1468, even though he sees the traffic on TCP 514 from SEPM to Syslog.
Though the SEPM does not reflect that the port has changed, the save is successfully stored in the Database. Even though the SEPM will indicate that the port in use is TCP 1468, the syslog server will be forwarded information over port TCP 514. The issue is cosmetic only.
This issue has been fixed in Symantec Endpoint Protection 11 Release Update 6a Maintenance Patch 2 (RU6a MP2). For information on how to obtain the latest build of Symantec Endpoint Protection, read TECH 103088: Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x