Idea ID 2866604
I am looking for help fixing an issue I have been facing with ArcSight Logger and Symantec Endpoint Protection.
Somehow I am unable to see specific logs on the Logger that have been forwarded by the Symantec EP server.
I was told by ArcSight support that the current version of Symantec (14.3 MP1 Build 1169) is not supported. I was surprised to hear that, since this was working until Feb 28. We were able to get the logs without any issues.
Here are some details related to the existing setup:
1. Logger: 220.127.116.1104.0
2. Connector: Windows 2016 with flex connector
3. Source: Symantec server version is 14.3 MP1 Build 1169.
I am looking for help setting up the connector so that it fetches all the logs from the source.
Maybe a generic syslog connector?