Encryption Management Server can be configured to send all its logs to an external syslog server such as Splunk.
Symantec Encryption Management Server 10.5 and above.
To configure an external syslog server, please do the following:
To test, log off the administration console and back on again. This action generates an entry in the Administration log which should be received by the remote server. For example:
Administrator admin from 10.1.2.3 logged in