When you integrate Symantec Advanced Threat Protection (ATP) with Symantec Endpoint Protection, ATP collects incident logs from each of your SEPM databases. Synapse then correlates events from these logs with events from your other control points.
The Symantec Endpoint Protection Manager embedded database does not support remote access. For ATP to access this database, you must install the Synapse Log Collector onto each of your SEPM embedded database computers. Before doing this, make sure that your Symantec Endpoint Protection environment meets the necessary requirements.
You can only install the Synapse Log Collector on MS Windows systems. The log collector uses port 8081 by default. If another process uses the same port, log collection fails. You can resolve this conflict by assigning a different port to the other process, or to the log collector as described in step 4 below.
To install the Synapse Log Collector
1. In ATP Manager, click Settings > Global.
2. In the Synapse section, under Symantec Endpoint Protection Manager (SEPM) Databases, click Download Synapse Log Collector for SEPM Embedded DB. Save the SEPMLogCollector.msi file to your local computer.
3. Move the file to your SEPM embedded database computer, and then run it.
4. Under Log Collector service settings, configure the following:
Service IP Address
The IP address of your Symantec Endpoint Protection Manager computer.
Make sure that ATP has access to this IP address.
The port number that the log collector listens on. The default is 8081.
Make sure that this port is enabled on your firewall.
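A pre-install check for the port conflict and firewall requirement described above, as an added example that is not Symantec's code. It assumes an elevated PowerShell session on the SEPM embedded database computer; the function names Test-PortInSpec and Test-LogCollectorPort are hypothetical.

```powershell
# Added example, not Symantec code. Function names are hypothetical.
# Run in an elevated PowerShell session on the SEPM embedded database computer.

function Test-PortInSpec {
    # LocalPort on a firewall rule can be 'Any', a port, a range, or a list.
    param($Spec, [int]$Port)
    foreach ($s in @($Spec)) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

function Test-LogCollectorPort {
    param([int]$Port = 8081)   # default log collector port per this page

    # Any process already listening here would make log collection fail.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                ProcessId    = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            }
        })

    # Enabled inbound allow rules that cover TCP/$Port, with their remote scope.
    $rules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            if ($pf.Protocol -in 'TCP', 'Any' -and (Test-PortInSpec $pf.LocalPort $Port)) {
                [pscustomobject]@{
                    Rule          = $_.DisplayName
                    RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
                }
            }
        })

    [pscustomobject]@{
        Port         = $Port
        PortInUse    = $listeners.Count -gt 0
        Listeners    = $listeners
        InboundAllow = $rules
    }
}

Test-LogCollectorPort -Port 8081 | Format-List
```

Once the log collector is installed, it appears as the listener itself, so PortInUse only signals a conflict before installation. A RemoteAddress of Any on a matching rule means the port is reachable from every host; scoping the rule to the ATP appliance's address limits it to the access this procedure requires.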