Device Details

Vendor

Symantec

Device Type

Symantec Endpoint Server

Supported Model Name/Number

N/A

Supported Software Version(s)

All

Collection Method

Syslog

Configurable Log Output?

Yes

Log Source Type

Syslog - Symantec Endpoint Server

Log Processing Policy

LogRhythm Default v2.0

Exceptions

N/A

Additional Information

N/A

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

TypeProduct VersionSupported Schema Fields
V 2.0 : Catch All : SEPM System EventsAll<severity>, <tag1>, <dname>, <subject>, <tag2>
V 2.0 : General SEP LiveUpdate InformationAll<dname>, <subject>, <tag1>
V 2.0 : Inbound SEP Host Packet EventsAll<dname>, <dip>, <dport>, <sip>, <sname>, <sport>, <process>, <action>, <tag1>
V 2.0 : Inbound SEP Host Traffic EventsAll

<sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protnum>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <tag1>, <hash>, <domainimpacted>

V 2.0 : Inbound SEP Malcious Activity DetectedAll<sip>, <sname>, <dip>, <dname>, <sport>, <dport>, <smac>, <dmac>, <protname>, <account>, <domainimpacted>, <subject>, <threatname>, <threatid>, <hash>, <url>, <quantity>, <tag2>, <tag1>
V 2.0 : Outbound SEP Host Packet EventsAll<sname>, <sip>, <dip>, <sport>, <dname>, <dport>, <process>, <action>
V 2.0 : Outbound SEP Host Traffic EventsAll<sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protnum>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <domainorigin>, <tag1>, <hash>
V 2.0 : Outbound SEP Malcious Activity DetectedAll<sname>, <sip>, <sport>, <smac>, <dip>, <dname>, <dport>, <dmac>, <protname>, <quantity>, <policy>, <process>, <login>, <action>, <domainorigin>, <tag1>, <hash>, <subject>, <sport>, <threatid>, <tag2>, <threatname>
V 2.0 : SEP Administrative EventsAll<severity>, <dname>, <login>, <subject>, <tag1>
V 2.0 : SEP General Agent Activity MessagesAll<dname>, <subject>, <sname>, <login>, <domainorigin>
V 2.0 : SEP General Agent System MessagesAll<severity>, <dname>, <subject>, <tag1>, <tag2>
V 2.0 : SEP General Object Access MessageAll<sname>, <sip>, <action>, <tag1>, <subject>, <command>, <tag2>, <policy>, <processid>, <process>, <object>, <login>, <domainorigin>, <size>, <objecttype>
V 2.0 : SEP General Suspicious Activity DetectedAll<dip>, <dname>, <account>, <domainorigin>, <process>, <object>, <subject>, <threatname>, <hash>, <url>, <action>, <quantity>, <size>, <tag2>, <tag1>
V 2.0 : SEP Logs PurgedAll<dname>, <object>, <subject>, <quantity>, <tag1>
V 2.0 : SEP Malware Scan InformationAll

<dip>, <dname>, <domainimpacted>, <command>, <result>, <status>, <duration>, <tag1>

V 2.0 : SEP Policy InformationAll<dname>, <login>, <subject>, <tag1>, <policy>
V 2.0 : SEP SONAR General Susp. Activity DetectedAll<severity>, <dip>, <dname>, <account>, <domainorigin>, <process>, <object>, <subject>, <threatname>, <hash>, <url>, <action>, <quantity>, <size>, <tag2>, <tag1>
V 2.0 : SEP Update InformationAll<sname>, <object>, <subject>, <tag1>

Revision History

KB Version

Log Type

Change Type

Details

KB 7.1.621.0N/AN/ALog Source Optimization changes