Does Endpoint Detection and Response support the use of secure Syslog traffic?

Article ID: 228440

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

Does Endpoint Detection and Response (EDR) support the use of secure Syslog traffic?

  • You are unable to use the secure syslog port 6514 for your syslog configuration.
  • You may also be asking whether EDR is capable of using secure syslog connections, or what information is forwarded to a syslog server connection in EDR.

Environment

All versions of EDR.

Cause

  • Secure syslog configurations do not function.
  • No syslog forwarding occurs when a secure syslog connection using port 6514 is configured and in use on EDR.
  • Secure syslog encryption is not supported.

Resolution

ECC, Endpoint Activity Recorder, and Search data are not forwarded to syslog, so the encryption offered by secure syslog would not be necessary.

Secure syslog traffic is not a supported function of the current EDR product as of the date this article was published.

Additional Information

For more information on syslog server connections in EDR, please navigate to the Symantec EDR help page for your version of EDR (4.x) and look for the section titled About syslog server connections. This section explains what information is forwarded and how it is formatted.