Configuring Symantec SEPM
Follow these steps to configure Symantec SEPM to send logs to FortiSIEM. For more information about Symantec SEPM, see the SEPM Installation and Administration Guide: https://support.symantec.com/us/en/article.DOC10654.html
- In the Symantec SEPM console, go to Admin > Servers.
- Click the local site or remote site that you want to export log data from.
- Click Configure External Logging.
- On the General tab, in the Update Frequency list box, select how often to send the log.
- In the Master Logging Server list box, select the management server to send the logs to. If you use SQL Server and connect multiple management servers to the database, then specify only one server as the Master Logging Server.
- Check Enable Transmission of Logs to a Syslog Server (FortiSIEM).
- Provide the following information. Make sure that the syslog server IP address and port can be reached from SEPM.
  - Syslog Server—Enter the IP address or domain name of the Syslog server that will receive the log data (in this case, the IP of FortiSIEM).
  - Destination Port—Select the protocol to use, and enter the destination port that the Syslog server uses to listen for Syslog messages (for example, UDP 514 for FortiSIEM).
  - Log Facility—Enter the number of the log facility that you want the Syslog configuration file to use, or use the default value. Valid values range from 0 to 23.
- On the Log Filter tab, check which logs to export.
Receiving Events in FortiSIEM
- Check for events in FortiSIEM. Go to the ANALYTICS page and search for "Symantec".
- Check for the device added by log. Go to CMDB > Devices.
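
To check the path from the SEPM host to FortiSIEM without waiting for the next SEPM log update, you can send a single test syslog message from the SEPM server. This is an added example, not part of the Symantec or Fortinet documentation; the function name `Send-TestSyslog`, the `sepm-test` tag, the address `192.0.2.10` and the facility value are placeholders chosen for illustration.

```powershell
# Added example: send one RFC 3164-style test message over UDP from the SEPM
# host to the syslog receiver, using the facility configured under Log Facility.
function Send-TestSyslog {
    param(
        [Parameter(Mandatory)][string]$Server,                    # FortiSIEM IP address or name
        [Parameter(Mandatory)][ValidateRange(0, 23)][int]$Facility, # same value as Log Facility
        [ValidateRange(1, 65535)][int]$Port = 514,                # UDP 514, as in the step above
        [ValidateRange(0, 7)][int]$Severity = 6                   # 6 = informational
    )

    # Syslog priority value: PRI = facility * 8 + severity
    $pri = $Facility * 8 + $Severity

    # RFC 3164 timestamp "Mmm dd hh:mm:ss" with a space-padded day of month
    $inv   = [cultureinfo]::InvariantCulture
    $now   = Get-Date
    $stamp = '{0} {1,2} {2}' -f $now.ToString('MMM', $inv), $now.Day, $now.ToString('HH:mm:ss', $inv)

    # "sepm-test" is a constructed tag so the message is easy to find on the receiver
    $msg   = '<{0}>{1} {2} sepm-test: connectivity test from SEPM host' -f $pri, $stamp, $env:COMPUTERNAME
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($msg)

    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        # Send() returns the number of bytes handed to the network stack;
        # with UDP this does not prove that the receiver got the datagram.
        $sent = $udp.Send($bytes, $bytes.Length, $Server, $Port)
    }
    finally {
        $udp.Close()
    }

    [pscustomobject]@{
        Server    = $Server
        Port      = $Port
        Pri       = $pri
        BytesSent = $sent
        Message   = $msg
    }
}

# Placeholder values: replace with the FortiSIEM address and the configured facility.
Send-TestSyslog -Server '192.0.2.10' -Facility 1
```

Because UDP gives no delivery confirmation, the test succeeds only when the message shows up in FortiSIEM, for example by searching the ANALYTICS page for `sepm-test`. If you selected TCP as the protocol, `Test-NetConnection -ComputerName <server> -Port <port>` checks the listener directly.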