QRadar and Syslog show localhost instead of the SEDR hostname
Article ID: 192180
Products
Advanced Threat Protection Platform, Endpoint Detection and Response
Issue/Introduction
When reviewing Symantec Endpoint Detection and Response (SEDR) logs on either QRadar or a Syslog server, localhost is displayed instead of the SEDR hostname.
Cause
The syslog service uses the hostname of the SEDR appliance, localhost.localdomain by default, when sending syslog entries.
Resolution
Change the hostname of the SEDR appliance by performing the following steps.
1. Log in to the SEDR CLI as 'admin'.
2. Run the command: hostname <new.hostname>
3. Reboot the appliance for the changes to take effect.
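
To confirm on the receiving side that the change took effect, the HOSTNAME header field of incoming syslog lines can be checked for the default names. The script below is an added example, not Symantec or QRadar code; it assumes RFC 3164 or RFC 5424 framing, and the sample lines and the hostname sedr01.example.com are constructed placeholders, not real SEDR output.

```python
import re
from collections import Counter

# Hostnames that mean the sender is still using the appliance default.
DEFAULT_HOSTNAMES = {"localhost", "localhost.localdomain"}

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME ...
RFC5424 = re.compile(r"^<\d{1,3}>\d{1,2} \S+ (?P<host>\S+) ")
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME ...
RFC3164 = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) ")


def syslog_hostname(line):
    """Return the HOSTNAME header field of a syslog line, or None if unparseable."""
    for pattern in (RFC5424, RFC3164):
        m = pattern.match(line)
        if m:
            return m.group("host").lower()
    return None


def summarize(lines):
    """Count lines per hostname and split out those still using a default name."""
    counts = Counter()
    unparsed = 0
    for line in lines:
        host = syslog_hostname(line.strip())
        if host is None:
            unparsed += 1  # keep a tally so malformed input is not silently ignored
        else:
            counts[host] += 1
    flagged = {h: n for h, n in counts.items() if h in DEFAULT_HOSTNAMES}
    return counts, flagged, unparsed


# Constructed sample lines (not real SEDR output); message bodies are placeholders.
SAMPLE = [
    "<134>Mar  3 10:15:02 localhost.localdomain app: event before hostname change",
    "<134>1 2024-03-03T10:16:40Z localhost app 1234 - - event before hostname change",
    "<134>Mar  3 11:02:17 sedr01.example.com app: event after hostname change",
    "<134>1 2024-03-03T11:03:00Z sedr01.example.com app 1234 - - event after reboot",
    "not a syslog line",
]

if __name__ == "__main__":
    counts, flagged, unparsed = summarize(SAMPLE)
    print("all hosts:", dict(counts), "| still default:", flagged, "| unparsed:", unparsed)
```

Any entries that remain in the flagged result after the reboot come from a sender that is still using the default hostname.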