We have issues with the data coming into our ELM from the Symantec AV server in that the data has significant latency. That is, the logs coming in as they're compiled by SEP can be as old as two hours from the actual event time.
I realize this isn't an ELM issue but an issue with SEP; still, all the tinkering I've done so far doesn't seem to help. I'm wondering if any other users have encountered this situation, and if so, how they dealt with it.
Do you know the root cause of the delay?
Do you know if the logs are collected slowly or processed slowly by the AV server?
Are you under the impression that it's operating as intended?
Thanks for the response, Andy.
From what I can tell and the response we get from Symantec, the logs just take some time to process by the AV server. Otherwise, it appears to be operating as expected.
I'll dig some examples out and post them here for review.