Qradar and Syslog show localhost instead of the SEDR hostname
Article ID: 192180
Advanced Threat Protection Platform
Endpoint Detection and Response
When reviewing Symantec Endpoint Detection and Response (SEDR) logs on either QRadar or a Syslog server, localhost is displayed instead of the SEDR hostname.
The syslog service uses the hostname of the SEDR appliance, localhost.localdomain by default, when sending syslog entries.
Change the hostname of the SEDR appliance by performing the following steps.
- Log in to the SEDR CLI as 'admin'
- Run the command
- Reboot the appliance for the changes to take effect