Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4096 Source: secars

Create Log File Error!
According to Symantec document id 2007111411152348, the Symantec Endpoint Protection Manager uses Radius communication and requires port 1812 to be available for the Enforcer (see References below). If a Radius Server is already installed it may be using the same port and is causing this problem. Other installed software may also be using this port.

Change the port the Endpoint Protection Manager uses
Navigate to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc
Open the file
Add a line at the bottom that reads:


where xxxx is the desired port number

Save and close the file
Restart the IIS Admin Service
Click Start > Run
Type services.msc and click OK
Right-click on IIS Admin Service and click Restart
Run the Management Server Configuration Wizard
Click Start > All Programs > Symantec Endpoint Protection Manager > Management Server Configuration Wizard

Change the port the existing Radius Server (or other third party software) is using

Install the Symantec Endpoint Protection Manager on a different computer where port 1812 is not in use.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.