Fresh and fully updated installation of SEP 12.1.2100.2093. I have a test server with the Endpoint client installed. External logging is set up to send all events (I enabled every event in Log Filters) to my syslog server. When I paste the EICAR string into a text file and save it, Endpoint hits on it as it should. The hit eventually shows up (takes a minute or two) in the log monitor on the Management server, but only occasionally does the syslog message make its way to my syslog server. It does seem that if I reboot the Management server, all the messages in queue are suddenly released before the box reboots. Other messages take their time getting to syslog also. The update interval is set to 30 seconds, so what am I missing? As I mentioned before, I have every message and event enabled in both the log filter and in policy.