
Configuring SEP Client Logging and External Logging 

Apr 21, 2016 05:35 PM

Overview

 

SEP clients can report their log information to the Symantec Endpoint Protection Manager (SEPM). This client logging can be done with or without external logging. Either way, reports can be created in the SEPM console, where they can be viewed or saved to external files.

The external logging feature in the SEPM saves log data outside of a SEPM server.

There are two methods:

  1. Exporting log data to a dump file
  2. Exporting log data to an external logging server.

 

Both methods are configured in the SEPM console. The following is a high-level overview of the related logging options.

 

Obtaining Log Files from Managed Clients

 

Generally, it is desirable to gather log data from managed SEP clients. There are two locations in the SEPM to configure logging options for clients and to instruct them to send log data to the SEPM.

Note: It is important to consider disk space requirements on the SEPM and on the clients when gathering log data from clients.

Note: The SEP client doesn't have an automated mechanism to push log files to a log server. Most, if not all, SEP client log files are in CSV format, so there may be a way to "pull" them in, or to have another mechanism push them to the external log server. The location of the SEP client logs on Windows clients is: \ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs. One recommendation is to sort the files by size to see which log files are being populated, and then check each one for the desired data.
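The note above leaves open how client logs could be pulled or pushed to an external log server. The following Python script is an added example, not from the original article or from Symantec: it lists the populated log files largest first, reads only the lines appended since the previous pass, and sends them as UDP syslog datagrams. The C: drive letter, UTF-8 decoding, the sep-client tag and all function names are assumptions.

```python
import os
import socket

# Path from the article; the C: drive letter is an assumption.
LOG_DIR = r"C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs"

def populated_logs(log_dir):
    """Return (path, size) for every non-empty file, largest first."""
    found = []
    for entry in os.scandir(log_dir):
        if entry.is_file() and entry.stat().st_size > 0:
            found.append((entry.path, entry.stat().st_size))
    return sorted(found, key=lambda item: item[1], reverse=True)

def new_lines(path, offsets):
    """Return complete lines appended since the last call; offsets is caller-held state."""
    start = offsets.get(path, 0)
    if os.path.getsize(path) < start:    # file was truncated or replaced: start over
        start = 0
    with open(path, "rb") as fh:
        fh.seek(start)
        data = fh.read()
    end = data.rfind(b"\n") + 1          # hold back a partially written last line
    offsets[path] = start + end
    text = data[:end].decode("utf-8", errors="replace")  # encoding is an assumption
    return [line for line in text.splitlines() if line.strip()]

def syslog_frame(line, source_file, facility=16, severity=6):
    """Wrap one log line in a minimal syslog datagram: PRI, tag, source file, message."""
    pri = facility * 8 + severity        # 16 * 8 + 6 = 134, i.e. local0.info
    return f"<{pri}>sep-client: {os.path.basename(source_file)} {line}".encode("utf-8")

def forward_once(log_dir, offsets, server):
    """Send every new line from every populated log to server=(host, port) over UDP."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for path, _size in populated_logs(log_dir):
            for line in new_lines(path, offsets):
                sock.sendto(syslog_frame(line, path), server)
                sent += 1
    return sent
```

Calling forward_once on a schedule with the same offsets dictionary sends each line once; persist that dictionary between runs if the forwarder itself restarts.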

 

The first location is in the Clients, <Site/Group>, Policies tab, Client Log Settings screen, shown here:

 

 

1_sepm_external_logging_configure_clients1_0.jpg

 

The second location is in the Virus and Spyware Protection policy applied to clients. Note that there could be multiple policies for managing a variety of clients, and each policy assigned to clients will require logging configuration. (If groups inherit settings from the parent site, only the parent site will need to be modified.)

 

2_sepm_external_logging_configure_policy1_0.jpg

 

 

When editing a policy, a new screen will appear over the main SEPM screen that contains these logging options. This is in the Miscellaneous section on the Log Handling tab, as shown here:

 

 

3_sepm_external_logging_configure_policy2_0.jpg

 

 

Configuring External Logging in the SEPM Console

 

Now that clients are sending log data to the SEPM, it may be desirable to save that log data externally, either to dump files or to an external logging server.

To configure external logging, browse to the following location in the SEPM console:

Admin, Servers, <Site>, Configure External Logging

 

4_external_logging_admin_servers_site_1_general_0.jpg

 

The dump file location, by default, is <sepm install directory>\data\dump.

 

 

5_external_logging_admin_servers_site_2_logfilter_0.jpg

 

 

References:

http://www.symantec.com/docs/HOWTO81168 - Exporting log data to a text file

http://www.symantec.com/docs/HOWTO81169 - Exporting Data to a Syslog Server

 

 

 

 

 
