Does Symantec EDR support the use of secure Syslog traffic?

Article ID: 228440

Products

Endpoint Detection and Response

Issue/Introduction

  • You are unable to use the secure syslog port 6514 for your syslog configuration.
  • You may also be asking whether EDR is capable of using secure syslog connections, or what information is forwarded to a syslog server connection in Symantec EDR.

Cause

  • Secure syslog configurations do not function.
  • No syslog forwarding occurs when a secure syslog connection using port 6514 is configured and in use on EDR.
  • Secure syslog encryption is not supported.

Environment

All versions of EDR.

Resolution

The product team determined that, because ECC, endpoint activity recorder, and search data are not forwarded to syslog, the encryption offered by secure syslog would not be necessary.

Secure syslog traffic is not a supported function of the current EDR product as of the date this article was published.

What do I do if I need a new product feature in my environment?

Use the Submit a suggestion for Symantec products option for any product feature requests that you wish to make.

Additional Information

For more information on syslog server connections in EDR, navigate to the Symantec EDR help page for your version of EDR (4.x) and look for the section titled About syslog server connections. This section explains what information is forwarded and how it is formatted.