Use the Splunk Add-on for Symantec Endpoint Protection (SEP) to collect SEP server and client activity logs from:
- Symantec Endpoint Protection Manager dump files
- Syslog, using Splunk forwarders and Splunk Connect for Syslog

You can collect the following log files:
- Server Administration
- Application and Device Control
- Server Client
- Server Policy
- Server System
- Client Packet
- Client Proactive Threat
- Client Risk
- Client Scan
- Client Security
- Client System
- Client Traffic