Depending on your deployment topology, you might need to define a system log (Syslog) server.
The following logs will be forwarded to the syslog server:
- Event logs,
- Management audit logs,
- Gateway audit logs, and
- Activity logs.
1. To define a new syslog server, go to System Configuration → External Log Server → New External Log Server → Syslog Server.
2. Configure the parameters described in the following table for the new syslog server, and then click Create.
Note: Use port number 11678.
The syslog server must be set up with log forwarding to become operational.
For the log forwarding setup: Event Logs
The Symantec Threat Isolation Event Log displays all system events in descending order, with the newest events at the top of the list and older ones listed as you scroll down.
To configure the Event Log, go to Monitoring → Event Logs.
The Event Log displays the parameters described in the table below.