How to enable Syslog Logging for Symantec Data Loss Prevention

By November 20, 2020Symantec DLP Enforce
You are here:
< Back

You have the option to send severe DLP system events to a syslog server. To do this you must modify the config\ file.

Note: You can configure DLP to send email notifications of severe system events. For details, open the DLP online help and go to Administration > System > Alerts > Alerts Overview.

To enable syslog logging:

  1. Locate and open the config\ file.
  2. Uncomment the following lines:
    • #systemevent.syslog.port=
    • #systemevent.syslog.format= [{0.EN_US}] {1.EN_US} – {2.EN_US}
  3. Type values for each of these parameters, as follows:
    • host—syslog server host or IP address
    • port—syslog server port number (default is 514)
    • format—log file message format. Specify one or more of the following indicators:

{0.EN_US}—includes the name of the server on which the event occurred

{1.EN_US}—includes a brief summary of the event

Was this article helpful?
0 out Of 5 Stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?