RSA Admin

Alert does not fire after changing collection method from syslog to SQL ODBC for Symantec Endpoint

Discussion created by RSA Admin Employee on Jun 10, 2011
Latest reply on Jun 14, 2011 by RSA Admin

Hi!

I have an alert that fires when the same virus is detected on 10 different PCs within an hour. It fires normally if I set the SEP server to send logs through syslog. But after I changed the log collection method to SQL ODBC, the alert does not fire anymore. I have queried the antivirus table and data are being written, and all my reports are working fine. The only weird thing is I can't see any logs in the analysis if I select the SEP server. Is this normal? Or can I not use ODBC collection and Alerter at the same time, seeing that there is no data in the analysis?

Thanks!
