Is anyone using Splunk for Symantec? Does it replace the Symantec SEP management console?
I installed Symantec for Splunk and SEP Management Server on a separate machine. It does not appear the logs are being received; there must be a trick to get the logs sent correctly.
Thanks
Hi,
Did you install everything properly?
You need to configure the forwarder in order to send Symantec logs.
Please refer to the following manual:
https://docs.splunk.com/Documentation/AddOns/released/SymantecEP/About
Hi,
In reporting, Splunk For Symantec adds more features than the reporting in the SEPM console. Nevertheless, the SEPM console is absolutely indispensable to manage the SEP solution.
Splunk For Symantec is best for:
Cheers
Olivier.