This article details the prerequisites for installation and configuration of a Symantec Event Agent (SEA) Off-Box server for MSS log collection.
Where a SEA Off-Box installation is required for MSS log collection, the SEA may be installed locally to read log files from the application server itself (e.g. Microsoft IIS or Apache Web Services), or multiple application servers may store their log files on a single server for collection by the SEA. You can discuss and plan your SEA Off-Box deployment with the MSS Symantec Onboarding team. The diagrams below are provided for a high-level configuration overview.
Symantec Engineers need to work with customers to configure the SEA and establish a secure relationship with the LCP. The following prerequisites must be met prior to configuration by the Engineer.
The Off-Box server must meet the following minimum specification.
|4||4 GB||1 GB*|
* Disk space required for SEA installation. Additional disk space will be required for log collection and processing which will be dependent on Log Events Per Second (LEPS). An additional 1 GB of disk space per device type to be collected is suggested.
The following access must be available to/from the Off-Box server.
|LCP to Off-Box Communication||LCP||Off-Box Server||TCP/5998|
|Off-Box to LCP Communication||Off-Box Server||LCP||TCP/443|
|Symantec Live Update||Off-Box Server||
|DNS||Off-Box Server||Local DNS Server||
A user account with Local Administrator rights must be available to install the SEA.
Where the SEA reads log files from a file location (either locally or on another server accessed by a fileshare protocol such as SMB or CIFS), folders/directories must be shared with read-only access and any sub-folders/directories must inherit these permissions. Configuration and maintenance of fileshares and permissions will be the responsibility of the local server and network administrators.
Where FTP is used to transfer log files to the Off-Box server, configuration and maintenance of the file transfer will be the responsibility of the local server and network administrators.