I am trying to send logs from Symantec Endpoint Protection to Logstash using syslog. Unfortunately, Beats is not an option for our setup. So I have SEP send syslogs over TCP on port 50000. At the moment, I simply print the logs to the console with no filtering. The problem is that sometimes I get concatenated events as a single one. Here is an example:
logstash_1 | {
logstash_1 | "@timestamp" => 2022-09-09T14:46:26.159144Z,
logstash_1 | "event" => {
logstash_1 | "original" => "<54>Sep 9 17:46:11 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Successfully downloaded the Virus and Spyware definitions SDS Win64 (reduced) 14.3 RU4 9/9/22 r2 security definitions from LiveUpdate. The security definitions are now available for deployment.\r"
logstash_1 | },
logstash_1 | "type" => "syslog",
logstash_1 | "message" => "<54>Sep 9 17:46:11 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Successfully downloaded the Virus and Spyware definitions SDS Win64 (reduced) 14.3 RU4 9/9/22 r2 security definitions from LiveUpdate. The security definitions are now available for deployment.\r",
logstash_1 | "@version" => "1"
logstash_1 | }
logstash_1 | {
logstash_1 | "@timestamp" => 2022-09-09T14:46:56.498947Z,
logstash_1 | "event" => {
logstash_1 | "original" => "<54>Sep 9 17:46:29 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Successfully downloaded the Virus and Spyware definitions SDS Win64 14.3 RU4 9/9/22 r2 security definitions from LiveUpdate. The security definitions are now available for deployment.\r<54>Sep 9 17:46:42 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Successfully downloaded the Virus and Spyware definitions SDS Win64 (reduced) 14.3 RU5 9/9/22 r2 security definitions from LiveUpdate. The security definitions are now available for deployment.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Client Patch Win64 14.3 RU2 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Client Patch Win64 14.3 RU3 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Client Patch Win64 14.3 RU4 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Client Patch Win64 14.3 RU5 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Win64 14.3 RU5 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Web and Cloud Access Protection Win64 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Windows Host Integrity Content 14.3 
RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Intrusion Prevention Signatures 14.0.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Advanced Machine Learning (Static) content Win64 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Extended File Attributes and Signatures 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Submission Control signatures 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Threat Defense for AD Data 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Centralized Reputation Settings 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Policy Command Handler.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Web and Cloud Access Protection 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Win64 14.3 RU2 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SONAR Heuristics engine 14.3 RU1.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SONAR Heuristics engine Win64 14.3 
RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for AP Portal List 12.1 RU6 MP8.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.0.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.3 RU4.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Application Control Data 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Policy Command Handler 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for AP Portal List 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.3.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Manager Metadata 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Power Eraser Definitions 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3 RU3.\r<54>Sep 9 17:46:45 
WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SEPM Data 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures Win64 14.3 RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Advanced Machine Learning (Static) content Win64 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.3 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SONAR Heuristics engine 14.3 RU4.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Symantec Allow List 14.3 RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Virus and Spyware definitions SDS Win64 (reduced) 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Application Control Data 14.3 RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update AP Portal List 14.3 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Manager API 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found 
for Power Eraser Definitions 14.0.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Attack Surface Reduction Win64 14.3 RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Advanced Machine Learning (Static) content Win64 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for AP Portal List 12.1 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Policy Command Handler Win64 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response Win64 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for AP Portal List 14.3 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.3 RU2.\r<52>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Endpoint Threat Defense for AD Data 14.3 RU4.\r<52>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint 
Protection Manager could not update Virus and Spyware definitions SDS Win64 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.3 RU4.\r<52>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Common Network Transport Library and Configuration 14.3 RU3.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Threat Defense for AD Data 14.2 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SONAR Heuristics engine 14.3 RU2.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Browser Extension Win64 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Attack Surface Reduction 14.3 RU4.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Revocation Data 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration Win64 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: 
WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Manager Content Catalog 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.3 RU1.\r<52>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Common Network Transport Library and Configuration 14.2 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.2.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.3 RU4.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.2 RU2.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SEPM LiveUpdate Database 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.3 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.3 RU2.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.2 RU1.\r<52>Sep 
9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: LiveUpdate encountered one or more errors. Return code = 4.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: LiveUpdate finished running.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: LiveUpdate retry failed. Will try again.\r"
logstash_1 | },
logstash_1 | "type" => "syslog",
logstash_1 | "message" => "<54>Sep 9 17:46:29 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Successfully downloaded the Virus and Spyware definitions SDS Win64 14.3 RU4 9/9/22 r2 security definitions from LiveUpdate. The security definitions are now available for deployment.\r<54>Sep 9 17:46:42 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Successfully downloaded the Virus and Spyware definitions SDS Win64 (reduced) 14.3 RU5 9/9/22 r2 security definitions from LiveUpdate. The security definitions are now available for deployment.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Client Patch Win64 14.3 RU2 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Client Patch Win64 14.3 RU3 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Client Patch Win64 14.3 RU4 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Client Patch Win64 14.3 RU5 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Win64 14.3 RU5 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Web and Cloud Access Protection Win64 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Windows Host Integrity Content 14.3 
RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Intrusion Prevention Signatures 14.0.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Advanced Machine Learning (Static) content Win64 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Extended File Attributes and Signatures 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Submission Control signatures 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Threat Defense for AD Data 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Centralized Reputation Settings 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Policy Command Handler.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Web and Cloud Access Protection 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Win64 14.3 RU2 (English).\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SONAR Heuristics engine 14.3 RU1.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SONAR Heuristics engine Win64 14.3 
RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for AP Portal List 12.1 RU6 MP8.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.0.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.3 RU4.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Application Control Data 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Policy Command Handler 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for AP Portal List 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.3.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Manager Metadata 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Power Eraser Definitions 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3 RU3.\r<54>Sep 9 17:46:45 
WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SEPM Data 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures Win64 14.3 RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Advanced Machine Learning (Static) content Win64 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.3 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SONAR Heuristics engine 14.3 RU4.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Symantec Allow List 14.3 RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Virus and Spyware definitions SDS Win64 (reduced) 14.2 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Application Control Data 14.3 RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update AP Portal List 14.3 RU2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Manager API 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found 
for Power Eraser Definitions 14.0.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Attack Surface Reduction Win64 14.3 RU5.\r<52>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Advanced Machine Learning (Static) content Win64 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for AP Portal List 12.1 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Policy Command Handler Win64 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3 RU4.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.2.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response Win64 14.3 RU5.\r<54>Sep 9 17:46:45 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for AP Portal List 14.3 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.3 RU2.\r<52>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Endpoint Threat Defense for AD Data 14.3 RU4.\r<52>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint 
Protection Manager could not update Virus and Spyware definitions SDS Win64 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.3 RU4.\r<52>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Common Network Transport Library and Configuration 14.3 RU3.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Threat Defense for AD Data 14.2 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SONAR Heuristics engine 14.3 RU2.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Browser Extension Win64 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Attack Surface Reduction 14.3 RU4.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Revocation Data 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration Win64 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: 
WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Protection Manager Content Catalog 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.3 RU1.\r<52>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: Symantec Endpoint Protection Manager could not update Common Network Transport Library and Configuration 14.2 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.2.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Endpoint Detection and Response 14.3 RU4.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.2 RU2.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for SEPM LiveUpdate Database 14.3 RU5.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.3 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Symantec Endpoint Foundation Win64 14.3 RU1.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Common Network Transport Library and Configuration 14.3 RU2.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: No updates found for Intrusion Prevention Signatures 14.2 RU1.\r<52>Sep 
9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: LiveUpdate encountered one or more errors. Return code = 4.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: LiveUpdate finished running.\r<54>Sep 9 17:46:46 WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,Server Name: WIN-RPPCBQPPJLQ,Event Description: LiveUpdate retry failed. Will try again.\r",
logstash_1 | "@version" => "1"
logstash_1 | }
Is that normal?
My pipeline.conf file is:
input {
  tcp {
    port => 50000
    type => syslog
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
Thanks in advance.
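The events in the output above are terminated by a bare `\r` with no `\n`, while the default delimiter of Logstash's `line` codec is `\n`. The following Python sketch is an added example, not part of the original post and not Logstash code: it reframes such a TCP byte stream on `\r`, `\n` or `\r\n` regardless of how reads split it, and decodes the `<PRI>` value. The `Framer`, `parse` and `reframe` names, the 8192-byte frame limit and the sample stream (built from three events in the post) are constructed for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Header layout taken from the events in the post:
# "<PRI>Mon D HH:MM:SS HOST TAG: MSG"
HEADER = re.compile(
    rb"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "
    rb"(?P<host>\S+) (?P<tag>[^\s:]+): (?P<msg>.*)",
    re.DOTALL,
)
ANY_EOL = re.compile(rb"\r\n|\r|\n")  # accepts the bare CR seen in the post
LF_ONLY = re.compile(rb"\n")          # newline-only framing, for comparison


@dataclass
class Event:
    facility: int
    severity: int
    timestamp: str
    host: str
    tag: str
    message: str


class Framer:
    """Turns arbitrary TCP read chunks into complete frames."""

    def __init__(self, delimiter=ANY_EOL, max_frame: int = 8192):
        self.delimiter = delimiter
        self.max_frame = max_frame  # assumed cap on one unterminated frame
        self.buf = b""
        self.oversized = 0

    def feed(self, chunk: bytes) -> List[bytes]:
        parts = self.delimiter.split(self.buf + chunk)
        self.buf = parts.pop()  # bytes after the last delimiter: incomplete
        if len(self.buf) > self.max_frame:
            # A sender that never terminates a frame must not grow memory.
            self.oversized += 1
            self.buf = b""
        # Empty parts come from CR and LF arriving in separate chunks.
        return [p for p in parts if p]

    def flush(self) -> List[bytes]:
        rest, self.buf = self.buf, b""
        return [rest] if rest else []


def parse(frame: bytes) -> Optional[Event]:
    m = HEADER.fullmatch(frame)
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    f = {k: v.decode("utf-8", "replace") for k, v in m.groupdict().items()}
    return Event(pri >> 3, pri & 7, f["ts"], f["host"], f["tag"], f["msg"])


def reframe(chunks: Iterable[bytes], delimiter=ANY_EOL) -> List[bytes]:
    framer = Framer(delimiter)
    frames: List[bytes] = []
    for chunk in chunks:
        frames += framer.feed(chunk)
    return frames + framer.flush()  # flush models the connection closing


# Constructed sample: three events from the post, CR-terminated, then cut
# into 64-byte chunks to imitate reads that ignore message boundaries.
PREFIX = (b"WIN-RPPCBQPPJLQ SymantecServer: Site: My Site,"
          b"Server Name: WIN-RPPCBQPPJLQ,Event Description: ")
SAMPLE = b"".join(
    b"<%d>%s %s%s\r" % (pri, ts, PREFIX, desc)
    for pri, ts, desc in [
        (54, b"Sep 9 17:46:45", b"No updates found for Policy Command Handler."),
        (52, b"Sep 9 17:46:46",
         b"LiveUpdate encountered one or more errors. Return code = 4."),
        (54, b"Sep 9 17:46:46", b"LiveUpdate finished running."),
    ]
)
CHUNKS = [SAMPLE[i:i + 64] for i in range(0, len(SAMPLE), 64)]

if __name__ == "__main__":
    print("LF-only frames:", len(reframe(CHUNKS, LF_ONLY)))
    for frame in reframe(CHUNKS):
        print(parse(frame))
```

In Logstash itself the corresponding setting is the `line` codec's `delimiter` option on the `tcp` input; writing `"\r"` there requires `config.support_escapes: true` in `logstash.yml`.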