You need to configure Symantec Data Loss Prevention (DLP) to send data to a syslog server.

Refer to the DLP Admin guide for configuration steps for each option below.

• DLP server events can be sent by configuring the Manager.properties file on the Enforce server.
• Incident data can also be sent to a syslog server. This process requires creating a response rule and assigning the response rule to various policies.

For specific information on sending incident data to a Splunk syslog server refer to the Splunk website, https://docs.splunk.com/Documentation/AddOns/released/SymantecDLP/Setup