Does Endpoint Detection and Response support the use of secure Syslog traffic?
Article ID: 228440
Products
Endpoint Detection and Response
Issue/Introduction
Does Endpoint Detection and Response (EDR) support the use of secure Syslog traffic?
You are unable to use the secure syslog port 6514 for your syslog configuration.
You may also be asking: is EDR capable of using secure syslog connections, and what information is forwarded over a syslog server connection in EDR?
Environment
All versions of EDR.
Cause
Secure syslog configurations do not function.
No syslog forwarding occurs when a secure syslog connection using port 6514 is configured and in use on EDR.
Secure syslog encryption is not supported.
Resolution
ECC, Endpoint Activity Recorder, and Search data are not forwarded to syslog, so the encryption offered by secure syslog would not be necessary for that data.
Secure syslog traffic is not a supported function of the current EDR product as of the date this article was published.
Additional Information
For more information on syslog server connections in EDR please navigate to the Symantec EDR help page for your version of EDR (4.x) and look for the section titled About syslog server connections. This section explains what information is forwarded and how it is formatted.
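Because EDR only sends plaintext syslog, pointing it directly at a collector that listens on TLS port 6514 produces no forwarded events at all (the behaviour described under Cause). Where site policy requires encrypted transport anyway, the usual pattern is to keep the EDR-to-relay hop in plaintext on a restricted network segment and let a local rsyslog relay wrap the traffic in TLS on the way to the collector. The following rsyslog configuration is an added example and is not part of this article or of the EDR product; the relay address 10.0.0.5, the collector name siem.example.com, and the certificate paths are assumptions and must be replaced with your own values.

```rsyslog
# Added example: rsyslog relay that accepts EDR's plaintext syslog and
# forwards it to the SIEM over TLS (port 6514). Not part of the EDR product.

# 1. Accept EDR's plaintext TCP syslog on the relay's internal interface only.
#    Point the EDR syslog server connection at 10.0.0.5:514 (assumed address).
module(load="imtcp")
input(type="imtcp" port="514" address="10.0.0.5" ruleset="edr_relay")

# 2. TLS material for the relay itself (assumed paths).
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/relay-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/relay-key.pem"
)

# 3. Forward everything received from EDR to the collector over TLS.
#    StreamDriverMode="1" enforces TLS; x509/name pins the collector's
#    certificate name so the relay refuses to send to an impostor.
#    The disk-assisted queue keeps EDR events if the collector is unreachable
#    instead of silently dropping them.
ruleset(name="edr_relay") {
  action(type="omfwd"
         target="siem.example.com" port="6514" protocol="tcp"
         StreamDriver="gtls"
         StreamDriverMode="1"
         StreamDriverAuthMode="x509/name"
         StreamDriverPermittedPeers="siem.example.com"
         queue.type="LinkedList"
         queue.filename="edr_relay_q"
         queue.saveOnShutdown="on"
         action.resumeRetryCount="-1")
}
```

Restrict port 514 on the relay with host firewall rules to the EDR appliance's address, since that hop remains unencrypted. After enabling the relay, confirm that events appear at the collector; if the collector shows nothing, check the relay's own logs first, because a TLS handshake or certificate-name mismatch on the outbound hop is the most common cause.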