When you integrate Symantec EDR with SEP, Symantec EDR collects incident logs from each of your SEPM databases. Synapse then correlates events from these logs with events from your other control points.
The SEPM embedded database does not support remote access. For Symantec EDR to access this database, you must install the Synapse Log Collector onto each of your SEPM embedded database computers. Before doing this, make sure that your SEP environment meets the necessary requirements.
You can only install the Synapse Log Collector on a MS Windows systems. The log collector uses port 8081 by default. If another process uses the same port, log collection fails. You can resolve this conflict by assigning a different port to the other process, or to the log collector as described in step 4 below.
To install the Synapse Log Collector
Do one of the following:
In the EDR cloud console, click Settings, select an appliance, and then click Global.
In the EDR appliance console, click Settings > Global.
In the Synapse section, under Symantec Endpoint Protection Manager (SEPM) Databases, click Download Synapse Log Collector for SEPM Embedded DB. Save the SEPMLogCollector.msi file to your local computer.
Move the file to your SEPM embedded database computer, and then run it.
Under Log Collector service settings, configure the following:
Service IP Address
The IP address of your SEPM computer.
Make sure that Symantec EDR has access to this IP address.
The port number that the log collector listens on. The default is 8081.
Make sure that this port is enabled on your firewall.