Syslog Server not sending information & warning events

Article ID: 159571

Products

Data Loss Prevention Enforce

Issue/Introduction

The user is unable to receive information and warning events; the system sends only severe events via Syslog.

Resolution

This is working as designed. The user will not be able to get information and warning events; the system sends only Severe events to the Syslog server. DLP (Data Loss Prevention) integrates with ICA (Information Centric Analytics), which provides the same reporting feature for DLP.

For ICA configuration, please contact the ICA team. Please find the link below for the Information Centric Analytics user guide:

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/information-centric-analytics/6-6.html

Update:

In DLP 15.0 and later, you can set the log level to include INFO and WARNING along with SEVERE.

For reference:

  • Log level 3 = logs SEVERE messages only (this is default)
  • Log level 4 = logs WARNING and SEVERE
  • Log level 5 = logs INFO, WARNING, SEVERE

Steps to implement:

  1. Install/Upgrade to DLP 15.0 or later on your system.
  2. Open Manager.properties as indicated above.
  3. Find the following line:  systemevent.syslog.level = x
  4. Change the value of x to either 3, 4, or 5 (the default value is 3)
  5. Save the file and restart the Enforce services.
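
The steps above can be checked and applied with a small script. This is an added example, not Broadcom's code: it reads the text of Manager.properties, reports which severities the current systemevent.syslog.level forwards, and rewrites the value after validating it. It assumes plain key = value lines and treats a missing or commented-out key as the default of 3; the function names and sample text are constructed for illustration.

```python
import re

# Mapping taken from the article: level -> severities sent to syslog.
LEVELS = {3: ["SEVERE"], 4: ["WARNING", "SEVERE"], 5: ["INFO", "WARNING", "SEVERE"]}
KEY = "systemevent.syslog.level"
DEFAULT_LEVEL = 3  # the article gives 3 as the default
_LINE = re.compile(r"^(\s*" + re.escape(KEY) + r"\s*[=:]\s*)(\S*)\s*$")


def current_level(text):
    """Return the effective level (assumption: absent key means the default)."""
    level = DEFAULT_LEVEL
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            value = m.group(2)
            # Rejects anything but 3/4/5, including stray invisible characters
            # (for example a zero-width space pasted along with the value).
            if not value.isdigit() or int(value) not in LEVELS:
                raise ValueError(f"unsupported {KEY} value: {value!r}")
            level = int(value)  # last occurrence wins
    return level


def set_level(text, level):
    """Return the file text with the key set to level, appended if missing."""
    if level not in LEVELS:
        raise ValueError("level must be 3, 4 or 5")
    out, found = [], False
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            line, found = m.group(1) + str(level), True
        out.append(line)
    if not found:
        out.append(f"{KEY} = {level}")
    return "\n".join(out) + "\n"


# Constructed sample text, not a real Manager.properties.
SAMPLE = "# constructed sample\nother.setting = abc\nsystemevent.syslog.level = 3\n"

if __name__ == "__main__":
    updated = set_level(SAMPLE, 5)
    print(updated, LEVELS[current_level(updated)])
```

The script only edits text; the Enforce services still need the restart from step 5 before the new level applies.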