Endpoint Protection

As per my understanding, All events checked will be sent from the client to the management server, but 

-      Which events are checked?

-      Does this mean that all agents systems forward the AV logs to the Symantec server?

Below is a list of events that are logged on the local client and forwarded on to the Symantec Endpoint Protection Manager. Many, but not all, of these events appear in the Windows Application Log

http://www.symantec.com/business/support/index?page=content&id=TECH105571

yes AV log information like system scan, pattern date, infection found and action are sent to the SEPM.

when you check the monitor --> logs  you will find the relevant log information from clients to server.

You can set the options for what you want sent in the policy

All agents that are connected to the SEPM will send their logs

Hi,

Thank you for posting in Symantec community.

Events that are logged on the local client and forwarded on to the Symantec Endpoint Protection Manager. Many, but not all, of these events appear in the Windows Application Log.

Following aritcle should answer your query.

Smantec Endpoint Protection 12.1.x event log entries

http://www.symantec.com/docs/TECH186925

Thanks for all who responds to my thread.

"Many, but not all, of these events appear in the Windows Application Log"

Does that means the list of events in the http://www.symantec.com/business/support/index?page=content&id=TECH186925 are all logged in the SEPM server and some other events (not listed in there) are also listed in the WIndows Event Viewer \ Application log ?

with SEP 12.1.4 you will find Symantec endpoint proection in the eventvwr.

Rafeeq,

So in this case all of those Event in the article will be logged in the Windows Event viewer not forwarded to the SEPM server or to the External Logging server ?

They will be sent to the SEPM and forwarded to syslog assuming you configured them to do so

SEPM will get the events from SEP client, then you need to configure the SEPM to forward the logging to external server.

You are right.

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

Thanks and take care,
Brian

Many thanks all for the clarification !