This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

RSA is not bringing logs from symantec semp anymore

OrnaldoNaqellar
Beginner
Beginner

‎2019-02-04 09:11 AM

Hello,

 

I have configured Symantec Server to send the logs into external logging: in my log collector. I have done the config in symantec server via management console following the guide. I'm searching into event sources for device.type = 'symantecav'. It's not bringing logs. The port 514 is open. Any idea please ? 

 

In symantec console i have configured the filter for logs such as: client logs: control logs and security log.

0 Likes
1 REPLY 1

EricPartington
Employee
Employee

‎2019-02-04 11:37 AM

Tcpdump on the SEP server or the log decoder to make sure that the data is leaving the box and getting to RSA NetWitness.

 

Also search by device.ip in NetWitness to make sure that the device type you think it should be is being captured (it could be in unknown state and needs a parser enabled on the log decoder for your Symantec device type)

 

 

© 2022 RSA Security LLC or its affiliates. All rights reserved.