Syslog - Symantec Endpoint Server

Device Details



Device Type: Symantec Endpoint Server

Supported Model Name/Number:

Supported Software Version(s):

Collection Method:

Configurable Log Output?:

Log Source Type: Syslog - Symantec Endpoint Server

Log Processing Policy: LogRhythm Default v2.0

Additional Information:


Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
| --- | --- | --- |
| V 2.0 : Catch All : SEPM System Events | All | <severity>, <tag1>, <dname>, <subject>, <tag2> |
| V 2.0 : General SEP LiveUpdate Information | All | <dname>, <subject>, <tag1> |
| V 2.0 : Inbound SEP Host Packet Events | All | <dname>, <dip>, <dport>, <sip>, <sname>, <sport>, <process>, <action>, <tag1> |
| V 2.0 : Inbound SEP Host Traffic Events | All | <sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protnum>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <tag1>, <hash>, <domainimpacted> |
| V 2.0 : Inbound SEP Malcious Activity Detected | All | <sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <smac>, <dmac>, <protname>, <account>, <domainimpacted>, <subject>, <threatname>, <threatid>, <hash>, <url>, <quantity>, <tag2>, <tag1> |
| V 2.0 : Outbound SEP Host Packet Events | All | <sname>, <sip>, <dip>, <sport>, <dname>, <dport>, <process>, <action> |
| V 2.0 : Outbound SEP Host Traffic Events | All | <sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protnum>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <domainorigin>, <tag1>, <hash> |
| V 2.0 : Outbound SEP Malcious Activity Detected | All | <sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <domainorigin>, <tag1>, <hash>, <subject>, <sport>, <threatid>, <tag2>, <threatname> |
| V 2.0 : SEP Administrative Events | All | <severity>, <dname>, <login>, <subject>, <tag1> |
| V 2.0 : SEP General Agent Activity Messages | All | <dname>, <subject>, <sname>, <login>, <domainorigin> |
| V 2.0 : SEP General Agent System Messages | All | <severity>, <dname>, <subject>, <tag1>, <tag2> |
| V 2.0 : SEP General Object Access Message | All | <sname>, <sip>, <action>, <tag1>, <subject>, <command>, <tag2>, <policy>, <processid>, <process>, <object>, <login>, <domainorigin>, <size>, <objecttype> |
| V 2.0 : SEP General Suspicious Activity Detected | All | <dip>, <dname>, <account>, <domainorigin>, <process>, <object>, <subject>, <threatname>, <hash>, <url>, <action>, <quantity>, <size>, <tag2>, <tag1> |
| V 2.0 : SEP Logs Purged | All | <dname>, <object>, <subject>, <quantity>, <tag1> |
| V 2.0 : SEP Malware Scan Information | All | <dip>, <dname>, <domainimpacted>, <command>, <result>, <status>, <duration>, <tag1>, <subject>, <quantity>, <objecttype> |
| V 2.0 : SEP Policy Information | All | <dname>, <login>, <subject>, <tag1>, <policy> |
| V 2.0 : SEP SONAR General Susp. Activity Detected | All | <severity>, <dip>, <dname>, <account>, <domainorigin>, <process>, <object>, <subject>, <threatname>, <hash>, <url>, <action>, <quantity>, <size>, <tag2>, <tag1> |
| V 2.0 : SEP Update Information | All | <sname>, <object>, <subject>, <tag1> |

Revision History

| KB Version | Log Type | Change Type | |
| --- | --- | --- | --- |
| KB 7.1.621.0 | N/A | N/A | Log Source Optimization changes |