About Compliance reports and logs

Article:TECH95540  |  Created: 2009-01-14  |  Updated: 2009-01-14  |  Article URL http://www.symantec.com/docs/TECH95540
Article Type: Technical Solution


Solution



About the information in the Compliance reports and logs

    The Compliance logs contain information about the Enforcer server, clients, and traffic, and about host compliance. The information available includes items such as the time and the event type, the name of the Enforcer involved, the site, and the server.

    Note: If you do not have Symantec Network Access Control installed, the Compliance logs and reports do not contain any data.

    The table below describes some typical uses for the kind of information that you can get from Compliance reports and logs.

    Report or log | Typical uses
    Network Compliance Status | Use this report to look at overall compliance, to see if clients have failed host integrity checks or authentication, or have been disconnected.
    Compliance Status | Use this report to see the total number of clients that have either passed or failed a host integrity check in your network.
    Clients by Compliance Failure Summary | Use this report to see the general reasons for control failure events, such as antivirus, firewall, or VPN.
    Compliance Failure Details | Use this report to see a greater level of detail about the compliance failures. It shows the criteria and the rule that was involved in each failure. It includes the percentage of clients that have been deployed and the percentage that failed.
        For example, the Compliance Failure Summary can show ten client failures due to the antivirus software. In contrast, Compliance Failure Details shows the following information:
        • Four clients have no antivirus software currently in operation on them.
        • Two clients have no antivirus software installed.
        • Four clients have out-of-date antivirus definitions files.
    Non-compliant Clients by Location | Use this report to see if some locations have more compliance problems than the others.
    Enforcer Server log | Use this log to look at information about Enforcer compliance events, the name of the Enforcer involved, its site, and its server.
        Among other things, this log contains the following information:
        • Which Enforcers were unable to register with their servers
        • Which Enforcers have successfully received downloads of policies and the sylink.xml communication file
        • Whether or not the Enforcers' server has successfully received the Enforcers' logs
    Enforcer Client log | Use this log to see which clients have passed or failed Host Integrity checks, were authenticated or rejected, or were disconnected from the network.
    Enforcer Traffic log | Use this log to look at information about the traffic that moves through an Enforcer.
        The information available includes:
        • The direction of the traffic
        • The time when the traffic began and the time when the traffic ended
        • The protocol used
        • The source IP address and destination IP address that were used
        • The port that was used
        • The packet size (in bytes)
        • The attempted connections that were allowed or blocked
        This log applies only to Gateway Enforcers.
    Host Compliance log | Use this log to look at specific information about particular compliance events. Such events include the reason, the user involved, and the name of the operating system that was involved.







    Legacy ID: 2009081410270748

