All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does the Splunk Add-on for Symantec Endpoint Protection work with SEPM 12.x logs collected via Syslog?

klaxdal
Contributor
‎06-30-2015 04:07 AM

Hi I am currently acquiring SEPM logs via syslog and utilizing the old Symantec app . I noticed in the documentation that log dump files are required . Will the app work with syslog output ?

Reply
1 Solution
Solved! Jump to solution
Solution

jcoates_splunk
Splunk Employee
Splunk Employee
‎07-08-2015 09:52 AM

knowledge management is applied to the sourcetype. If the data in your syslog stream is structured the same as in the dump files, then applying the same sourcetype should make it work.

View solution in original post

Reply
Solved! Jump to solution
Solution

jcoates_splunk
Splunk Employee
Splunk Employee
‎07-08-2015 09:52 AM

knowledge management is applied to the sourcetype. If the data in your syslog stream is structured the same as in the dump files, then applying the same sourcetype should make it work.

Reply
Solved! Jump to solution

klaxdal
Contributor
‎07-08-2015 10:08 AM

Thanks ! I will give it a try

0 Karma
Reply
Solved! Jump to solution

jwalzerpitt
Influencer
‎11-12-2015 08:17 AM

What sourcetype needs to be applied?

I am sending Symantec logs via syslog to my Splunk server in which one file per day is written to disk and I have Splunk monitoring the directory. The issues I have are 1) How to configure the inputs.conf file (does every line in the stanza simply point to the same directory?), and 2) What sourcetype do I select to ensure Splunk correctly parses out various Symantec log formats from the one log file

Thx,
Jeff

0 Karma
Reply
Solved! Jump to solution

jorgepinto1
Explorer
‎07-13-2015 02:33 PM

The structure of the logs is different from those written on disk. Also, anyone know any expedite way to rotate the logs written on disk by SEP?

0 Karma
Reply
Solved! Jump to solution

ppablo
Retired
‎06-30-2015 11:13 AM

Hi @klaxdal

Just to clarify for other users, but are you referring to the Splunk Add-on for Symantec Endpoint Protection? That's what you tagged in your post, but you mentioned using the "old Symantec app". Were you actually referring to the "Splunk for Symantec" app?
https://splunkbase.splunk.com/app/1365/

0 Karma
Reply
Solved! Jump to solution

klaxdal
Contributor
‎07-01-2015 08:32 AM

Correct - to clarify I am using the old TA's which allow me to retrieve the logs via Syslog . Can I set this up as the same ?

Kris

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What’s a riddle wrapped in an enigma?

September 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...