About logs
Article: HOWTO55409 | Created: 2011-06-29 | Updated: 2011-12-17 | Article URL: http://www.symantec.com/docs/HOWTO55409
Logs contain records about client configuration changes, security-related activities, and errors. These records are called events. The logs display these events with any relevant additional information. Security-related activities include information about virus detections, computer status, and the traffic that enters or exits the client computer.
Logs are an important method for tracking each client computer's activity and its interaction with other computers and networks. You can use this data to analyze the overall security status of the network and modify the protection on the client computers. You can track the trends that relate to viruses, security risks, and attacks. If several people use the same computer, you might be able to identify who introduces risks, and help that person to use better precautions.
You can view the log data on the Logs tab of the Monitors page.
Log information is regularly uploaded from the clients to the management server. You can view this information in the logs or in reports. Because reports are static and do not include as much detail as the logs, you might prefer to monitor the network primarily by using logs.
You can view information about the notifications that have been created on the Notifications tab, and information about the status of commands on the Command Status tab.
You can also run commands from some logs.
See Running commands on the client computer from the logs.
Table: Log types describes the different types of content that you can view and the actions that you can take from each log.

Table: Log types

| Log type | Contents and actions |
|---|---|
| Audit | The Audit log contains information about policy modification activity. Available information includes the event time and type; the policy modified; the domain, site, and user name involved; and a description. No actions are associated with this log. |
| Application and Device Control | The Application Control log and the Device Control log contain information about events where some type of behavior was blocked. The following Application and Device Control logs are available: Available information includes the time the event occurred, the action taken, the domain and computer that were involved, the user that was involved, the severity, the rule that was involved, the caller process, and the target. You can create an application control or Tamper Protection exception from the Application Control log. |
| Compliance | The compliance logs contain information about the Enforcer server, Enforcer clients, and Enforcer traffic, and about host compliance. No actions are associated with these logs. |
| Computer Status | The Computer Status log contains information about the real-time operational status of the client computers in the network. Available information includes the computer name, IP address, infected status, protection technologies, Auto-Protect status, versions, definitions date, user, last check-in time, policy, group, domain, and restart required status. You can also clear the infected status of computers from this log. |
| Network Threat Protection | The Network Threat Protection logs contain information about attacks on the firewall and on intrusion prevention. Information is available about denial-of-service attacks, port scans, and the changes that were made to executable files. They also contain information about the connections that are made through the firewall (traffic), and the data packets that pass through. These logs also contain some of the operational changes that are made to computers, such as detecting network applications, and configuring software. No actions are associated with these logs. |
| SONAR | The SONAR log contains information about the threats that have been detected during SONAR threat scanning. These are real-time scans that detect potentially malicious applications when they run on your client computers. Available information includes items such as the time of occurrence, event actual action, user name, computer/domain, application/application type, count, and file/path. See About SONAR. |
| Risk | The Risk log contains information about risk events. Available information includes the event time, event actual action, user name, computer/domain, risk name/source, count, and file/path. |
| Scan | The Scan log contains information about virus and spyware scan activity. Available information includes items such as the scan start, computer, IP address, status, duration, detections, scanned, omitted, and domain. No actions are associated with these logs. |
| System | The system logs contain information about events such as when services start and stop. No actions are associated with these logs. |
Legacy ID: v8156418_v59371754