Generating Syslog messages from Symantec Data Loss Prevention
DLP supports two methods for generating Syslog events: “Syslog Response Rule” notifications and “Syslog Server Alerts”.
- Creating a Syslog Response Rule
- When creating an Automated Response Rule, select ‘Log to a Syslog Server’ as the action. Fill in the Host, Port, Message, and Level as appropriate. Once assigned to a Policy, the Response Rule will generate a syslog event when triggered.
- The creation of a “Syslog Response Rule” does not require the additional method described for “Syslog Server Alerts” – they are separate functions.
- Create Syslog Server Alerts
The System Maintenance Guide outlines how to set up Syslog events.
To enable syslog functionality:
- Navigate to the installed directory, for example the <drive>:\SymantecDLP\Protect\config directory on Windows or the /opt/SymantecDLP/Protect/config directory on Linux.
- Open the Manager.properties file.
- Uncomment the #systemevent.syslog.host= line by removing the # symbol from the beginning of the line and enter the hostname or IP address of the syslog server.
- Uncomment the #systemevent.syslog.port= line by removing the # symbol from the beginning of the line and enter the port number that should accept connections from the Vontu Enforce server. The default is 514. This is UDP.
- Uncomment the #systemevent.syslog.format= [{0.EN_US}] {1.EN_US} - {2.EN_US} line by removing the # symbol from the beginning of the line and define the system event message format.
The optional parameters are as follows:
{0.EN_US} – name of the server on which the event occurred
{1.EN_US} – event summary
{2.EN_US} – event detail
For example, in the following configuration:
systemevent.syslog.host=galapagos.company.com
systemevent.syslog.port=600
systemevent.syslog.format= [{0.EN_US}] {1.EN_US} – {2.EN_US}
System event notifications would be written to a server named galapagos.company.com
using port 600 and the notification messages will be in the following format:
[server name] summary – details
If galapagos was used to host an Enforce server, an event notification indicating low disk space on galapagos might look like this:
[Enforce server] Low disk space – Hard disk space for incident
data storage server is low. Disk usage is over 82%.
DLP 15.0 and later
You can set the log level so that INFO and WARNING events are forwarded along with SEVERE ones.
For reference:
- Log level 3 = logs SEVERE messages only (this is the default)
- Log level 4 = logs SEVERE and WARNING
- Log level 5 = logs INFO, WARNING, SEVERE
Steps to implement:
- Install/Upgrade to DLP 15.0 on your system.
- Open manager.properties as indicated above.
- Find the following line:
systemevent.syslog.level = x
- Change the value of x to either 3, 4, or 5 (the default value is 3)
- Restart services for changes to take effect in Windows or Linux.
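As an added example (not from this article or from Symantec), the following Python reads the systemevent.syslog.* keys from a Manager.properties excerpt, checks the values the procedure above asks you to set, and turns the configured format string into a parser for the event lines the Enforce server will emit. The properties excerpt and the event line are constructed samples (hyphen separator, as configured); the field names server, summary and detail are this example's own.

```python
import re
# Constructed Manager.properties excerpt (sample values, not a real server).
SAMPLE_PROPERTIES = """\
systemevent.syslog.host=galapagos.company.com
systemevent.syslog.port=600
systemevent.syslog.format= [{0.EN_US}] {1.EN_US} - {2.EN_US}
systemevent.syslog.level = 4
"""
# Constructed event line in that format (hyphen separator, as configured above).
SAMPLE_EVENT = ("[Enforce server] Low disk space - Hard disk space for incident "
                "data storage server is low. Disk usage is over 82%.")
# Placeholder meanings documented for systemevent.syslog.format; field names are ours.
PLACEHOLDERS = {"{0.EN_US}": "server", "{1.EN_US}": "summary", "{2.EN_US}": "detail"}
VALID_LEVELS = {"3", "4", "5"}  # systemevent.syslog.level values accepted by DLP 15.0+
def load_syslog_settings(text: str) -> dict:
    """Return active systemevent.syslog.* keys without the prefix."""
    prefix, settings = "systemevent.syslog.", {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        # '#systemevent...' keys never match the prefix, so commented-out settings stay disabled
        if sep and key.strip().startswith(prefix):
            settings[key.strip()[len(prefix):]] = value.strip()
    return settings

def check_settings(s: dict) -> list:
    """List configuration problems; an empty list means the syslog block looks usable."""
    problems = []
    if not s.get("host"):
        problems.append("host is empty or still commented out")
    port = s.get("port", "")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"port {port!r} is not a valid UDP port number")
    if s.get("level", "3") not in VALID_LEVELS:  # DLP default is 3 (SEVERE only)
        problems.append(f"level {s['level']!r} must be 3, 4 or 5")
    problems.extend(f"format lacks placeholder {p}"
                    for p in PLACEHOLDERS if p not in s.get("format", ""))
    return problems

def format_to_regex(fmt: str) -> "re.Pattern[str]":
    """Turn the configured format into a regex with one named group per placeholder."""
    fmt, pattern, pos = fmt.strip(), "", 0
    for m in re.finditer(r"\{[0-2]\.EN_US\}", fmt):
        # literal text between placeholders must match exactly; each field matches lazily
        pattern += re.escape(fmt[pos:m.start()]) + f"(?P<{PLACEHOLDERS[m.group()]}>.*?)"
        pos = m.end()
    return re.compile(r"^\s*" + pattern + re.escape(fmt[pos:]) + r"\s*$")

def parse_event(regex: "re.Pattern[str]", line: str) -> "dict | None":
    m = regex.match(line)  # None when the line does not follow the configured format
    return m.groupdict() if m else None
```

Because the fields are matched lazily, a summary that itself contains the configured separator (" - ") is split at its first occurrence; choose a separator that does not appear in event text if you rely on this parsing downstream.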