Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Audit/Monitoring

Created: 06 Jun 2013 | 7 comments

Hello.  Does SEPM 12.1+ console include the ability to track administrator/user accesses directly into the console by way of access logs?

 

Thanks!

jdk1965

Operating Systems:

Comments 7 CommentsJump to latest comment

Rafeeq's picture

Yes you can check in the logs

SEPM click on ,monitors- logs -

Log type :system-

Log content:adminstrative logs

Which administrator activities are logged in the Symantec Endpoint Protection Manager console?

http://www.symantec.com/docs/TECH141668

 

W007's picture

Check Mithun Comments

https://www-secure.symantec.com/connect/forums/sep...

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AjinBabu's picture

HI, 

Follow the Steps 

Admin Logs.jpg

Regards

Ajin

 

Chetan Savade's picture

Hi,

Thank you for posting in Symantec connect.
 
I would be glad to answer your question.
 
You can view only activities and event logs with the help of this article with some limitations.

Which administrator activities are logged in the Symantec Endpoint Protection Manager console?

http://www.symantec.com/docs/TECH141668

Idea has been raised to log more information, can promote this idea.

Idea: Have more details in the logs regarding computer accounts moved/copied/deleted events

https://www-secure.symantec.com/connect/ideas/have-more-details-logs-regarding-computer-movedcopieddeleted-events

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture

Hello,

The Audit log contains information about policy modification activities, such as the event times and types, policy modifications, domains, sites, administrators, and descriptions.

The default Audit quick report is called Policies Used. View the Policies Used report to monitor the policies in use in your network, by group. You can look at the Audit log when you want to see which administrator changed a particular policy and when.

About the reports you can run

Check these Articles:

About log types

http://www.symantec.com/docs/HOWTO27271

About Computer Status reports and logs

http://www.symantec.com/docs/TECH95541

About the different types of Symantec Endpoint Protection Manager Reports

http://www.symantec.com/docs/TECH95538

Which administrator activities are logged in the Symantec Endpoint Protection Manager console?

http://www.symantec.com/docs/TECH141668

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.