Hi there,
I've got a couple of issues that I need some help with.
I'm trying to set up symantec endpoint app and also trying to set up the universal forwarded on the SEP manager so that it will forward enriched information about the sep clients reporting to the SEP manager.
Details include: SEP version: SEP12.1.x Splunk version: 6
I have configured the SEP manager to send external logging to a tcp port(4096/tcp) to the splunk server and can confirm that the logs are being received.
I've installed the Symantec for Splunk app but when I load it there's nothing in the display.
I've also installed the Universal forwarder on the server that's running the SEP manager, but unsure of what additional configuration I need to get it to send SEP client logs reporting into the SEP manager over to my Splunk server.
Any help would be great! Many thanks inadvance.