Configuring the Application

Adding a Normalization Policy for Symantec Security

  1. Go to Settings >> Configuration >> Normalization Policies.

  2. Click Add.

  3. Enter a Policy Name.

  4. Select the Compiled Normalizers and Normalization Packages applicable to the Symantec Security application.

  5. Click Submit.

Figure: Adding a Normalization Policy

Adding Symantec Security as a Device in LogPoint

  1. Go to Settings >> Configuration >> Devices.

  2. Click Add.

Figure: Create Device Panel

  3. Enter a device Name.

  4. Enter the IP address(es) of the Symantec Security server.

  5. Select the Device Groups.

  6. Select an appropriate Log Collection Policy for the logs.

  7. Select a collector or a forwarder from the Distributed Collector drop-down menu.

Note

It is optional to select the Device Groups, the Log Collection Policy, and the Distributed Collector.

  8. Select a Time Zone.

Note

The timezone of the device must be the same as that of its log source.

  9. Configure the Risk Values for Confidentiality, Integrity, and Availability used to calculate the risk levels of the alerts generated from the device.

  10. Click Submit.

Figure: Available Collectors Fetchers Panel

Configuring the Syslog Collector for Symantec Security

  1. Click Syslog Collector on the Available Collectors Fetchers panel.

Figure: Syslog Collector Panel

  2. Select the Syslog Parser.

  3. Select the Processing Policy which contains the previously added normalization policy.

  4. Select the Charset.

  5. Select None as Proxy Server.

  6. Click Submit.

