Enable this integration with the log file input. Read from the location where the log files are being written. The default is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\dump\*.log.

Logs exported to text file always begin with the event time and severity columns.

Log samples

Below are samples of some different SEP log types. Syslog header removed, but when sent over syslog these lines typically begin with a prefix such as "Oct 3 10:38:14 SymantecServer: ".

Administrative Log
Site: SEPSite,Server: SEPServer,Domain: _domainOrigin,Admin: _originUser,Administrator log on succeeded

Agent Activity Log
Site: SEPSite,Server Name: exampleserver,Domain Name: Default,The management server received the client log successfully,TESTHOST01,sampleuser01,

Agent Behavior Log
exampleserver,216.160.83.57,Blocked, Block scripts - Caller MD5=d73b04b0e696b0945283defa3eee4538,File Write,Begin: 15:18:56,End: 15:18:56,Rule: Rule Name,9552,C:/ProgramData/bomgar-scc-0x5d4162a4/bomgar-scc.exe,0,No Module Name,C:/ProgramData/bomgar-scc-0x5d4162a4/start-cb-hook.bat,User: _originUser,Domain: _domainOrigin,Action Type: ,File size (bytes): 1403,Device ID: SCSI\Disk&Ven_WDC&Prod_WD10SPCX-75KHST0\4&1d8ead7a&0&000200

Agent Packet Log
exampleserver,Local Host: 81.2.69.143,Local Port: 138,Remote Host IP: 81.2.69.144.,Remote Host Name: ,Remote Port: 138,Outbound,Application: C:/windows/system32/NTOSKRNL.EXE,Action: Blocked

Agent Proactive Detection Log
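The sample lines above mix comma-separated positional fields with "Key: value" fields, and may or may not carry a syslog prefix. The following parser is an added example, not code from the Elastic integration or from Symantec: it strips the optional syslog header, separates named from positional fields, pulls out the caller MD5, classifies each line by the field names that are present, and reports which events SEP blocked. The sample lines are the ones shown on this page; the syslog prefix pattern, the key/value regex and the classification rules are my own assumptions drawn only from those samples and may need adjusting for other SEP log types.

```python
import csv
import re
from io import StringIO

# Constructed input: the sample lines shown on the page. The second one is
# given the syslog prefix the page mentions (assumed format), so that the
# header-stripping path is exercised as well.
SAMPLES = [
    "Site: SEPSite,Server: SEPServer,Domain: _domainOrigin,Admin: _originUser,Administrator log on succeeded",
    "Oct 3 10:38:14 SymantecServer: Site: SEPSite,Server Name: exampleserver,Domain Name: Default,"
    "The management server received the client log successfully,TESTHOST01,sampleuser01,",
    r"exampleserver,216.160.83.57,Blocked, Block scripts - Caller MD5=d73b04b0e696b0945283defa3eee4538,"
    r"File Write,Begin: 15:18:56,End: 15:18:56,Rule: Rule Name,9552,"
    r"C:/ProgramData/bomgar-scc-0x5d4162a4/bomgar-scc.exe,0,No Module Name,"
    r"C:/ProgramData/bomgar-scc-0x5d4162a4/start-cb-hook.bat,User: _originUser,Domain: _domainOrigin,"
    r"Action Type: ,File size (bytes): 1403,Device ID: SCSI\Disk&Ven_WDC&Prod_WD10SPCX-75KHST0\4&1d8ead7a&0&000200",
    "exampleserver,Local Host: 81.2.69.143,Local Port: 138,Remote Host IP: 81.2.69.144.,Remote Host Name: ,"
    "Remote Port: 138,Outbound,Application: C:/windows/system32/NTOSKRNL.EXE,Action: Blocked",
]

# Assumed syslog prefix, e.g. "Oct 3 10:38:14 SymantecServer: ".
SYSLOG_HEADER = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+: ")
# "Key: value" fields. The key needs at least two characters so that a
# Windows path such as "C:/..." is not mistaken for a key; a key followed
# by nothing (e.g. "Action Type: ") yields an empty value.
KV = re.compile(r"^([A-Za-z][A-Za-z ()]+?):(?:\s+(.*)|$)")
MD5 = re.compile(r"MD5=([0-9a-fA-F]{32})")


def strip_syslog_header(line):
    """Remove the syslog prefix if the line was received over syslog."""
    return SYSLOG_HEADER.sub("", line, count=1)


def parse_sep_line(line):
    """Split one exported SEP line into named and positional fields."""
    body = strip_syslog_header(line.rstrip("\r\n"))
    named, positional = {}, []
    for raw in next(csv.reader(StringIO(body))):
        field = raw.strip()
        if not field:            # trailing comma in the activity sample
            continue
        m = KV.match(field)
        if m:
            named[m.group(1)] = (m.group(2) or "").strip()
        else:
            positional.append(field)
    event = {"named": named, "positional": positional}
    md5 = MD5.search(body)
    if md5:
        event["caller_md5"] = md5.group(1).lower()
    return event


def classify(event):
    """Heuristic log-type classification based on which keys are present (assumption)."""
    n = event["named"]
    if "Admin" in n:
        return "administrative"
    if "Local Host" in n and "Remote Port" in n:
        return "packet"
    if "Server Name" in n and "Domain Name" in n:
        return "activity"
    if "Begin" in n and "Rule" in n:
        return "behavior"
    return "unknown"


def is_blocked(event):
    """Packet logs carry 'Action: Blocked'; behavior logs carry a bare 'Blocked' column."""
    return event["named"].get("Action") == "Blocked" or "Blocked" in event["positional"]


def subject_of(event):
    """Best-effort path of the program involved: 'Application' key or first path-like column."""
    app = event["named"].get("Application")
    if app:
        return app
    return next((p for p in event["positional"] if "/" in p or "\\" in p), None)


def summarize(lines):
    """Count events per type and list (type, caller_md5, subject) for blocked ones."""
    counts, blocked = {}, []
    for line in lines:
        ev = parse_sep_line(line)
        kind = classify(ev)
        counts[kind] = counts.get(kind, 0) + 1
        if is_blocked(ev):
            blocked.append((kind, ev.get("caller_md5"), subject_of(ev)))
    return counts, blocked


if __name__ == "__main__":
    counts, blocked = summarize(SAMPLES)
    print(counts)
    for kind, md5, subject in blocked:
        print(f"blocked {kind}: subject={subject} md5={md5}")
```

Run it against a real export by replacing SAMPLES with the lines of one of the dump files; the blocked list is the part worth forwarding to a detection pipeline, since it carries the hash and program path SEP acted on.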