Monitoring endpoint protection

Article:HOWTO55302  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55302
Article Type
How To



Symantec Endpoint Protection collects information about the security events in your network. You can use logs and reports to view these events, and you can use notifications to stay informed about the events as they occur.

You can use the reports and logs to determine the answers to the following kinds of questions:

  • Which computers are infected?

  • Which computers need scanning?

  • What risks were detected in the network?

Note:

Symantec Endpoint Protection pulls the events that appear in the reports from the event logs on your management servers. The event logs contain time-stamps in the client computers' time zones. When the management server receives the events, it converts the event time-stamps to Greenwich Mean Time (GMT) for insertion into the database. When you create reports, the reporting software displays information about events in the local time of the computer on which you view the reports.
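The conversion described in the note above can be reproduced when you correlate events from clients in different time zones. The following Python sketch is an added example, not Symantec code: the CSV columns, computer names, and timestamps are constructed sample data (not the product's export format), and UTC stands in for GMT.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample events (assumed layout, not the product's export format):
# each row carries the client's wall-clock time and its UTC offset in hours.
SAMPLE = """computer,local_time,utc_offset_hours,event
TOKYO-PC,2011-06-29 09:15:00,9,risk detected
LONDON-PC,2011-06-29 01:05:00,1,risk detected
NYC-PC,2011-06-28 20:10:00,-4,intrusion attempt
"""

def to_utc(local_time, offset_hours):
    """Attach the client's offset to its wall-clock time and convert to UTC."""
    tz = timezone(timedelta(hours=float(offset_hours)))
    naive = datetime.strptime(local_time, "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)

def load_events(text):
    """Parse rows and keep a UTC timestamp per event, as the database would."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "computer": row["computer"],
            "event": row["event"],
            "utc": to_utc(row["local_time"], row["utc_offset_hours"]),
        })
    return events

def timeline(events):
    """Order events by normalized UTC time, not by client wall-clock time."""
    return sorted(events, key=lambda e: e["utc"])

def render(events, viewer_offset_hours):
    """Show each event in the viewer's local time, as a report would."""
    tz = timezone(timedelta(hours=viewer_offset_hours))
    return [
        (e["utc"].astimezone(tz).strftime("%Y-%m-%d %H:%M"), e["computer"], e["event"])
        for e in events
    ]

if __name__ == "__main__":
    # A viewer at UTC-7 sees all three events on the evening of 2011-06-28.
    for line in render(timeline(load_events(SAMPLE)), viewer_offset_hours=-7):
        print(*line, sep="  ")
```

Sorted by client wall-clock time, the New York event appears first and the Tokyo event eight hours after London; after normalization the three events fall within ten minutes of each other, with London first.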

Table: Tasks for monitoring endpoint protection

Task

Description

Review the security status of your network

The following list describes some of the tasks that you can perform to monitor the security status of your client computers.

See Viewing client inventory.

See Viewing a daily or weekly status report.

Locate which client computers need protection

You can perform the following tasks to view or find which computers need additional protection:

Protect your client computers

You can run commands from the console to protect the client computers.

See Running commands on the client computer from the logs.

For example, you can eliminate security risks on client computers.

See Checking the scan action and rescanning the identified computers.

Configure notifications to alert you when security events occur

You can create and configure notifications to be triggered when certain security-related events occur. For example, you can set a notification to occur when an intrusion attempt occurs on a client computer.

See Setting up administrator notifications.

Create custom quick reports and scheduled reports for ongoing monitoring

You can create and generate customized quick reports, and you can schedule custom reports to run regularly with the information that you want to see.

See Running and customizing quick reports.

See Creating scheduled reports.

See Saving and deleting custom reports.

See Configuring reporting preferences.

Minimize the amount of space that client logs take

For security purposes, you might need to retain log records for a longer period of time. However, if you have a large number of clients, you may have a large volume of client log data.

If your management server runs low on space, you might need to decrease the log sizes and the amount of time that the database keeps the logs.

You can reduce the volume of log data by performing the following tasks:

Export log data to a centralized location

Log data export is useful if you want to accumulate all logs from your entire network in a centralized location. Log data export is also useful if you want to use a third-party program such as a spreadsheet to organize or manipulate the data. You also might want to export the data in your logs before you delete log records.

You can export the data in some logs to a comma-delimited text file. You can export other logs' data to a tab-delimited text file that is called a dump file or to a Syslog server.

See Exporting log data to a text file.

See Exporting data to a Syslog server.

See Exporting log data to a comma-delimited text file.

See Viewing logs from other sites.

Troubleshoot issues with reports and logs

You can troubleshoot some issues with reporting.

See Troubleshooting reporting issues.


Legacy ID



v48384769_v59371754

