Syslog - Symantec Endpoint Server
Device Details
Vendor | Symantec |
|---|---|
Device Type | Symantec Endpoint Server |
Supported Model Name/Number | N/A |
Supported Software Version(s) | All |
Collection Method | Syslog |
Configurable Log Output? | Yes |
Log Source Type | Syslog - Symantec Endpoint Server |
Log Processing Policy | LogRhythm Default v2.0 |
Exceptions | N/A |
Additional Information | N/A |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| V 2.0 : Catch All : SEPM System Events | All | <severity>, <tag1>, <dname>, <subject>, <tag2> |
| V 2.0 : General SEP LiveUpdate Information | All | <dname>, <subject>, <tag1> |
| V 2.0 : Inbound SEP Host Packet Events | All | <dname>, <dip>, <dport>, <sip>, <sname>, <sport>, <process>, <action>, <tag1> |
| V 2.0 : Inbound SEP Host Traffic Events | All | <sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protnum>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <tag1>, <hash>, <domainimpacted> |
| V 2.0 : Inbound SEP Malcious Activity Detected | All | <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <smac>, <dmac>, <protname>, <account>, <domainimpacted>, <subject>, <threatname>, <threatid>, <hash>, <url>, <quantity>, <tag2>, <tag1> |
| V 2.0 : Outbound SEP Host Packet Events | All | <sname>, <sip>, <dip>, <sport>, <dname>, <dport>, <process>, <action> |
| V 2.0 : Outbound SEP Host Traffic Events | All | <sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protnum>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <domainorigin>, <tag1>, <hash> |
| V 2.0 : Outbound SEP Malcious Activity Detected | All | <sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <domainorigin>, <tag1>, <hash>, <subject>, <sport>, <threatid>, <tag2>, <threatname> |
| V 2.0 : SEP Administrative Events | All | <severity>, <dname>, <login>, <subject>, <tag1> |
| V 2.0 : SEP General Agent Activity Messages | All | <dname>, <subject>, <sname>, <login>, <domainorigin> |
| V 2.0 : SEP General Agent System Messages | All | <severity>, <dname>, <subject>, <tag1>, <tag2> |
| V 2.0 : SEP General Object Access Message | All | <sname>, <sip>, <action>, <tag1>, <subject>, <command>, <tag2>, <policy>, <processid>, <process>, <object>, <login>, <domainorigin>, <size>, <objecttype> |
| V 2.0 : SEP General Suspicious Activity Detected | All | <dip>, <dname>, <account>, <domainorigin>, <process>, <object>, <subject>, <threatname>, <hash>, <url>, <action>, <quantity>, <size>, <tag2>, <tag1> |
| V 2.0 : SEP Logs Purged | All | <dname>, <object>, <subject>, <quantity>, <tag1> |
| V 2.0 : SEP Malware Scan Information | All | <dip>, <dname>, <domainimpacted>, <command>, <result>, <status>, <duration>, <tag1>, <subject>, <quantity>, <objecttype> |
| V 2.0 : SEP Policy Information | All | <dname>, <login>, <subject>, <tag1>, <policy> |
| V 2.0 : SEP SONAR General Susp. Activity Detected | All | <severity>, <dip>, <dname>, <account>, <domainorigin>, <process>, <object>, <subject>, <threatname>, <hash>, <url>, <action>, <quantity>, <size>, <tag2>, <tag1> |
| V 2.0 : SEP Update Information | All | <sname>, <object>, <subject>, <tag1> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.621.0 | N/A | N/A | Log Source Optimization changes |