Universal Event Collectors let you collect events from a point product when a Symantec Event Collector is not available for that point product. You define a custom event parsing definition so that Information Manager can interpret the events.
You configure a Universal collector like you configure all other collectors: by creating a sensor configuration and defining sensor properties. You then set up a custom event parsing definition.
The following Universal Event Collectors are available:
Universal Syslog Event Collector
Collects events from products that log events by using the Syslog protocol.
Universal Event Collector for Microsoft Windows Vista
Collects events from Microsoft Windows Vista, Windows Server 2008, and Windows 7 event logs.
For detailed information on installation and configuration, see the Symantec™ Universal Event Collectors 4.4 for Symantec Security Information Manager 4.7 Implementation Guide.