

We are using Endpoint Protection Cloud and this uninstall string is not available in the registry. There is no entry at all for Symantec under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\. Any idea on how to uninstall the software other than by going to Programs & Features?

Subject: RE: Is there a command line to uninstall SEP 14 with uninstallation password?

You will need to install this add-on on the Heavy Forwarder or Indexer, depending on your architecture, and the add-on will parse the logs to the relevant sourcetype based on the regex. You will need to create a custom nf on the Heavy/Universal Forwarder (if you have one installed on the syslog server) and configure it to monitor your Symantec syslog filepath. For example, if your Symantec syslog is stored in /opt/syslog/symantec/symantec01012019.txt, your nf should be like this:

The recommended way of collecting SEPM logs should be via dumpfile instead of syslog, as this add-on is not officially supported by Splunk or Symantec.
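The monitor stanza the reply refers to is missing from the scraped post. The following is an added illustration, not the original poster's configuration: it assumes the file in question is a Splunk `inputs.conf` on the forwarder that reads the syslog directory named above, and it assigns the `symantec:ep:syslog` sourcetype mentioned later in this thread so the add-on's props/transforms can pick the events up. Index name and whitelist pattern are assumptions.

```ini
# Added example inputs.conf stanza (assumed file name) for the forwarder
# that has access to the syslog server's filesystem.
[monitor:///opt/syslog/symantec/]
# Only pick up the daily text files, e.g. symantec01012019.txt (assumed naming)
whitelist = \.txt$
# Sourcetype expected by the Symantec Endpoint Protection (syslog) TA
sourcetype = symantec:ep:syslog
# Destination index is an assumption; use whatever your ES data model inputs search
index = main
disabled = 0
```

Monitoring the directory rather than a single file means the rotated daily file is picked up without editing the stanza; restart the forwarder after the change and confirm with a search on `sourcetype=symantec:ep:syslog` that events arrive and field extraction from the TA applies.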

Apologies first, for the long post. I'm trying to get clarification on some previous posts; hopefully this post can consolidate some of those suggestions/fixes and save some time and frustration for others. I am sending SEP 14 logs to Splunk via syslog directly from SEP manager. I have installed the TA for Symantec Endpoint Protection (syslog) based on several recommendations in this forum. We also have installed the Splunk Enterprise Security app for use.

A. The notes for the TA say to "Assign sourcetype symantec:ep:syslog to the incoming data sourcetype"; however, I'm unclear where/how to assign the sourcetype. How do I assign the sourcetype to the incoming data sourcetype?

B. In several posts I see references to an nf file; however, there is no nf file in the app directory. I do however see other conf files, including "transforms" and "props".

C. Do I need an nf in the app directory? If so, how/where should I start? What edits/changes need to be effected? Do I need to make any edits/updates to the nf, nf, or any other files? I understand the TA will not have dashboards and only presents the data for use by other apps and objects. How is the data on-boarded, or ingested into these apps/objects?
