Endpoint Protection

  • 1.  Audit Logs from SEPM

    Posted Apr 26, 2013 02:00 AM

    Dear All,

    I had enabled USB Tracking logs in SEPM12.2 with default settings. Now I was looking for a log which is more than 6 months old. Request you to kindly provide us the alternate solution.


    Sathish



  • 2.  RE: Audit Logs from SEPM

    Posted Apr 26, 2013 02:05 AM

    Hello,

    You can view Logs

    how to view the record of USB activation?

    1: log in SEPM

    2: click "Monitor" on the SEPM left panel

    3: click "logs" tag

    4: choose "application and device control" as log type, choose "application control" as log content.

    5: choose the appropriate time range and click "view log" button

    6: you can find the same information from database table "DBA.AGENT_BEHAVIOR_LOG_2"

    How to use Symantec Endpoint Protection (SEP) to monitor the USB device activity

    Article:TECH155578  |  Created: 2011-03-15  |  Updated: 2011-03-22  |  Article URL http://www.symantec.com/docs/TECH155578

     



  • 3.  RE: Audit Logs from SEPM

    Posted Apr 26, 2013 02:23 AM

    Hi Manish,

    Default log settings are 10000 entries which will expire in 60 days. Under Log settings, which one describes the logs for USB traffic so that I can increase the number of entries and also days? And also let me know how the settings are overwritten. Either one of them or both the conditions need to be met for logs reuse.


    Sathish



  • 4.  RE: Audit Logs from SEPM

    Broadcom Employee
    Posted Apr 26, 2013 02:30 AM

    Whatever hits first will be purged. Increase the days and the threshold to manage the data for the last 180 days.



  • 5.  RE: Audit Logs from SEPM

    Broadcom Employee
    Posted Apr 26, 2013 02:53 AM

    Hi,

    Disk space can consume high disk space.

    Check Beppe's notes in this article

    https://www-secure.symantec.com/connect/forums/how-make-sure-sepm-log-saved-least-12-months

    Probably it can be due to IT policy that maintains 12 months old logs.




  • 6.  RE: Audit Logs from SEPM

    Posted Apr 26, 2013 02:55 AM

    Hello,

    You can check this discussion

    https://www-secure.symantec.com/connect/forums/how-make-sure-sepm-log-saved-least-12-months



  • 7.  RE: Audit Logs from SEPM

    Posted Apr 26, 2013 05:20 AM

    Hi

    You can get the logs if they have been retained

    Regards

     



  • 8.  RE: Audit Logs from SEPM

    Trusted Advisor
    Posted May 09, 2013 09:42 AM

    Hello,

    The SEPM stores by default only 20 thousand entries or 60 days of logs for these controls.

    You need to change the number of control logs to be stored.

    • Open the SEPM > Admin > Servers
    • Select the database icon "localhost" and right click the mouse on "Edit Database Properties"
    • Select the Log Settings tab and change the "Control Log Limit" to increase the amount of logs for application control logs.

    NOTE: When the number of entries is increased, the database will increase and will consume more disk space.

    Hope that helps!



  • 9.  RE: Audit Logs from SEPM

    Posted Jun 07, 2013 06:05 AM

    Hi,

    By default it keeps the logs up to 60 days.

    If you have changed these values then you will be able to get the logs.

    Regards

    Ajin