How to configure the Symantec Security Information Manager to send it's notifications via syslog to another syslog server or SSIM Collector.
This can be configured in the Rule, on the Actions tab by setting the notifcation recipient to Syslog.
Then setup the syslog daemon to send those items to another syslog server.
Set the Rule to send notifications via syslog
Setup the Syslog Daemon to send the notification events to the syslog server
The nofication will appear in /var/log/messsages as shown below, and will be sent to the syslog server specified in the syslog.conf file.
Feb 3 14:09:23 myssimsname Incident Service: Created incident RULE: "The rule name is shown here" REF: 0000002139
Did this article resolve your issue?
Did this article save you the trouble of contacting technical support?
How can we make this article more helpful?
Email Address (Optional)
Login to Subscribe
Please login to set up your subscription.
Get support for your product, with downloads, knowledge base articles, documentation, and more.
Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.
Submit a suspected infected file to Symantec.
Report a suspected erroneous detection (false positive).
Create and manage cases, manage licensing and renewals, submit threats, and enroll with Symantec Rewards.
Customer and Technical Support phone numbers and hours of operation.
User-to-user forums, blogs, videos, and other community resources on Symantec Connect.
Set default language
Do you wish to save this as your future site?