Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > Integrate Symantec Endpoint Protection 11 or later with SolarWinds LEM

Integrate Symantec Endpoint Protection 11 or later with SolarWinds LEM

Created by Karen Valdellon, last modified by Jason Dee on Jul 24, 2017

Views: 364 Votes: 0 Revisions: 9

Updated July 24, 2017


This article outlines the procedures for configuring Symantec Endpoint Protection 11 or later to log to your LEM appliance and configuring the Symantec Endpoint Protection 11 connector on your LEM Manager.


All LEM versions


To configure Symantec Endpoint Protection to log to the LEM appliance:

  1. Open Symantec Endpoint Protection (SEP).
  2. Click Admin, and then select Servers > Local Site > Configure External Logging.
  3. On the External Logging for Local Site window, select Enable Transmission of Logs to a Syslog Server.
  4. Enter the IP address of your LEM appliance in the Syslog Server field.
  5. Enter 22 in the Log Facility field.
    Note: The Log Facility value in SEP is equal to the local facility on your LEM appliance plus 16, so the default local facility of local6 in the SEP connector for the LEM Manager equates to Log Facility 22 in SEP and change default  syslog port changed from 1468 to 514
  6. Select CR in the Log Line Separator field.
  7. Click the Log Filter tab.
  8. Select the logs you want to send to your LEM appliance.
  9. Click OK.

To configure the Symantec Endpoint Protection 11 connector on the LEM Manager:

Note: A connector for the Windows Application log still exists because earlier versions of SEP do not generate syslog data.

  1. Open the LEM Console and log in to the LEM Manager as an administrator.
  2. Click the gear icon next to your LEM Manager, and then select Connectors.
  3. In the Connector Configuration window, enter Symantec Endpoint Protection 11 in the search box at the top of the Refine Results pane.
  4. Click the gear icon next to the Symantec Endpoint Protection 11 connector, and then select New.
  5. Enter a custom Alias or accept the default.
  6. If you entered a Log Facility value other than 22 in SEP, verify the Log File value in your LEM connector matches the Log Facility defined in Step 5 above.
  7. If you are finished configuring the connector, click Save.
  8. Click the gear icon next to the new connector, denoted by an icon in the Status column, and then click Start.
  9. Click Close to close the Connector Configuration window.

After the connector starts, test your integration using a trusted antivirus test site, such as

Last modified
12:20, 24 Jul 2017