
Does the Splunk Add-on for Symantec Endpoint Protection work with SEPM 12.x logs collected via Syslog?

klaxdal
Contributor

Hi, I am currently acquiring SEPM logs via syslog and utilizing the old Symantec app. I noticed in the documentation that log dump files are required. Will the app work with syslog output?

1 Solution

jcoates_splunk
Splunk Employee

Knowledge management is applied to the sourcetype. If the data in your syslog stream is structured the same as in the dump files, then applying the same sourcetype should make it work.


klaxdal
Contributor

Thanks! I will give it a try.


jwalzerpitt
Influencer

What sourcetype needs to be applied?

I am sending Symantec logs via syslog to my Splunk server, where one file per day is written to disk, and I have Splunk monitoring the directory. The issues I have are: 1) how to configure the inputs.conf file (does every line in the stanza simply point to the same directory?), and 2) what sourcetype to select to ensure Splunk correctly parses the various Symantec log formats from the one log file.

Thx,
Jeff

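One way to wire up the directory monitor described in the post above, as an added example that is not from the original thread and not the add-on's own configuration. It assumes the daily syslog files land under /var/log/sepm/ with a .log suffix (path and suffix are assumptions), and it uses `symantec:ep:syslog` as a placeholder name for the sourcetype the add-on applies to syslog-delivered events; check the add-on's props.conf for the name it actually ships and for the sourcetypes it defines field extractions against, since those are what the accepted answer means by "applying the same sourcetype". The second and third fragments show the mechanism Splunk provides for sending different log types from one file to different sourcetypes at index time. The field labels in the REGEX values and the target sourcetype names are assumptions to be adjusted to your feed, and, as noted later in the thread, the syslog layout differs from the dump-file layout, so routing syslog events into a dump-file sourcetype only helps if the field order genuinely matches what that sourcetype's extractions expect.

```ini
# inputs.conf (on the forwarder or indexer that reads the files).
# One monitor stanza covers the whole directory; each new daily file is
# picked up automatically, so there is no need for one stanza per file.
# Path, index and sourcetype name are assumptions for this example.
[monitor:///var/log/sepm]
disabled = false
index = sepm
sourcetype = symantec:ep:syslog
whitelist = \.log$
# Skip files older than the retention you care about on first start.
ignoreOlderThan = 7d

# props.conf (indexer or heavy forwarder, wherever parsing happens).
# The add-on's own stanza for this sourcetype still supplies timestamp
# and line-breaking rules; this local layer only adds index-time routing.
[symantec:ep:syslog]
TRANSFORMS-sep_route = sep_route_risk, sep_route_scan

# transforms.conf (same parsing tier).
# Each rule matches a field label assumed to appear in only one SEP log
# type and rewrites the sourcetype for that single event. Events that
# match no rule keep the base sourcetype from inputs.conf.
[sep_route_risk]
REGEX = Risk name:
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::symantec:ep:risk:syslog

[sep_route_scan]
REGEX = Scan ID:
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::symantec:ep:scan:syslog
```

Index-time settings only affect events ingested after the parsing tier is restarted, so test on a fresh file and confirm the split with a search such as `index=sepm | stats count by sourcetype` before trusting any dashboards built on the routed sourcetypes.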

jorgepinto1
Explorer

The structure of the logs is different from those written on disk. Also, does anyone know an expedient way to rotate the logs written on disk by SEP?


ppablo
Retired

Hi @klaxdal

Just to clarify for other users: are you referring to the Splunk Add-on for Symantec Endpoint Protection? That's what you tagged in your post, but you mentioned using the "old Symantec app". Were you actually referring to the "Splunk for Symantec" app?
https://splunkbase.splunk.com/app/1365/


klaxdal
Contributor

Correct. To clarify, I am using the old TAs, which allow me to retrieve the logs via syslog. Can I set this up the same way?

Kris
