
Audit Logs from SEPM

Created: 25 Apr 2013 | 8 comments

Dear All,

I had enabled USB Tracking logs in SEPM12.2 with default settings. Now I was looking for a log which is more than 6 months old. Request you to kindly provide us the alternate solution.

Sathish


W007's picture

Hello,

You can view the logs.

How to view the record of USB activation?

1: Log in to SEPM

2: Click "Monitor" on the SEPM left panel

3: Click the "Logs" tag

4: Choose "Application and Device Control" as log type, choose "Application Control" as log content.

5: Choose the appropriate time range and click the "View Log" button

6: You can find the same information from database table "DBA.AGENT_BEHAVIOR_LOG_2"

How to use Symantec Endpoint Protection (SEP) to monitor USB device activity
Article: TECH155578 | Created: 2011-03-15 | Updated: 2011-03-22 | Article URL: http://www.symantec.com/docs/TECH155578

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

IDFC IT Team's picture

Hi Manish,

Default log settings are 10000 entries which will expire in 60 days. Under Log settings, which one describes the logs for USB traffic so that I can increase the number of entries and also days? Also let me know how the settings are overwritten: does either one of them or do both conditions need to be met for logs reuse?

Sathish

pete_4u2002's picture

Whatever hits first will be purged. Increase the days and the threshold to manage the data for the last 180 days.
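The "whatever hits first" behaviour described in this reply can be modelled to see which limit actually bounds the history and how large the entry limit must be for a 180-day window. This is an added example, not part of the thread and not Symantec code; the purge model follows the description above, and the event rate (400 device-control events per day) and helper names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: 400 device-control events per day for 200 days.
NOW = datetime(2013, 4, 25)
EVENTS = [NOW - timedelta(days=d, minutes=i + 1)
          for d in range(200) for i in range(400)]

def purge(events, now, max_entries, max_days):
    """Keep events that satisfy BOTH limits: newer than max_days and
    among the newest max_entries (model of 'whatever hits first')."""
    cutoff = now - timedelta(days=max_days)
    kept = sorted(t for t in events if t >= cutoff)
    return kept[-max_entries:] if max_entries > 0 else []

def effective_retention_days(events, now, max_entries, max_days):
    """Age in whole days of the oldest event that survives the purge."""
    kept = purge(events, now, max_entries, max_days)
    return (now - kept[0]).days if kept else 0

def required_entry_limit(events, now, target_days,
                         sample_days=30, headroom_pct=20):
    """Entry limit needed to hold target_days of history, estimated from
    the event rate over the last sample_days plus a safety margin."""
    cutoff = now - timedelta(days=sample_days)
    count = sum(1 for t in events if t >= cutoff)
    need = count * target_days * (100 + headroom_pct)
    return -(-need // (sample_days * 100))  # integer ceiling division

if __name__ == "__main__":
    for entries, days in [(10000, 60), (10000, 180), (86400, 180)]:
        kept = effective_retention_days(EVENTS, NOW, entries, days)
        print(f"limit={entries:>6} entries / {days:>3} days "
              f"-> oldest surviving event is {kept} days old")
    print("entry limit for 180 days:", required_entry_limit(EVENTS, NOW, 180))
```

At this constructed rate, raising only the day limit to 180 leaves the oldest surviving event at 24 days, because the entry limit is reached first; both values have to be raised together.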

Mithun Sanghavi's picture

Hello,

The SEPM stores by default only 20 thousand entries or 60 days of logs for these controls.

You need to change the number of control logs to be stored.

  • Open the SEPM > Admin > Servers
  • Select the database icon ''localhost'' and right click the mouse on ''Edit Database Properties''
  • Select the Log Settings tab and change the ''Control Log Limit'' to increase the amount of logs for application control logs.

NOTE: When the number of entries is increased, the database will increase and will consume more disk space.

Hope that helps!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

W007's picture

Hello,

You can check this discussion

https://www-secure.symantec.com/connect/forums/how...

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Disk space can consume high disk space.

Check Beppe's notes in this article

https://www-secure.symantec.com/connect/forums/how...

Probably it can be due to IT policy that maintains 12 months old logs.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

SameerU's picture

Hi

You can get the logs if they have been retained

Regards

AjinBabu's picture

Hi,

By default it keeps the logs up to 60 days.

If you have changed these values, then you will be able to get the logs.

Regards

Ajin