Endpoint Protection

  • 1.  Date/Time - seclog.log

    Posted Aug 10, 2012 11:28 AM

    Hello,

    I wonder if it's even possible to identify date and time of an event recorded in seclog.log. Here is an example of the data:

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    C:\Program Files\Symantec\Symantec Endpoint Protection>type seclog.log


    00000001        00300000        00000000        00000001        00000000        0000000000000001    0000001e
    000001a3        01cd32b0b8b50763        000000ce        00000003        6130900a        1432290a        00000002        00000000        00000002        01cd32b0
    b053589c        01cd32b0b058138c        00000002        00000004        [SID: 24121] Web Attack: Malicious Toolkit Website 10 detected.
    Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe         C:\Program Files\Internet Explorer\iexplore.exe 9^
     ←xî    █                                       Desktop Office  user DOM1

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    I do not always have access to a PC to use the GUI to check the log. And in this particular case, the SEP client hasn't uploaded logs to the SEP server, so I can't see them from the server side either. I can connect to the PC in question over the network and access seclog.log, but as shown above I cannot determine when the event happened.

    Is there any way to find out when this event occurred?

    Any help is much appreciated.

    Regards,
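As an added example (not part of the original post or of SEP itself), the record quoted above can be parsed from the file directly. It assumes the 16-hex-digit fields such as `01cd32b0b8b50763` are Windows FILETIME values (100-nanosecond ticks since 1601-01-01 UTC) and that the fields are tab-separated in the real file; the post's rendering collapsed the tabs to spaces, so the record below is reconstructed with tabs and the trailing binary fields dropped.

```python
"""Decode the 64-bit hex timestamps in a Symantec Endpoint Protection raw log record.

Assumption (not stated on the page): the 16-hex-digit fields are Windows FILETIME
values, i.e. 100 ns ticks since 1601-01-01 00:00 UTC. A decoded date that lands a
few months before the post was written supports that reading.
"""
import re
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
HEX64 = re.compile(r"^[0-9a-fA-F]{16}$")

# Constructed sample: the record from the post, tab-separated, binary tail omitted.
SAMPLE_RECORD = "\t".join([
    "00000001", "00300000", "00000000", "00000001", "00000000",
    "0000000000000001", "0000001e", "000001a3", "01cd32b0b8b50763",
    "000000ce", "00000003", "6130900a", "1432290a", "00000002", "00000000",
    "00000002", "01cd32b0b053589c", "01cd32b0b058138c", "00000002", "00000004",
    "[SID: 24121] Web Attack: Malicious Toolkit Website 10 detected.",
    r"Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe",
])


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert 100 ns ticks since 1601-01-01 UTC to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def extract_timestamps(record: str, earliest: datetime = datetime(1990, 1, 1, tzinfo=timezone.utc)):
    """Return (field_index, datetime) for every 16-hex-digit field that decodes
    to a plausible date. Counters such as 0000000000000001 also have 16 digits
    but decode to the year 1601, so they are filtered out by the cutoff."""
    found = []
    for idx, field in enumerate(record.split("\t")):
        if HEX64.match(field):
            stamp = filetime_to_datetime(int(field, 16))
            if stamp >= earliest:
                found.append((idx, stamp))
    return found


if __name__ == "__main__":
    for idx, stamp in extract_timestamps(SAMPLE_RECORD):
        print(f"field {idx}: {stamp.strftime('%Y-%m-%d %H:%M:%S')} UTC")
```

The first timestamp field decodes to 2012-05-15 15:38:05 UTC; the two later fields lie about 14 seconds before it, which is consistent with event creation versus logging times, though the page does not say which is which.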



  • 2.  RE: Date/Time - seclog.log

    Trusted Advisor
    Posted Aug 10, 2012 01:41 PM

    Hello,

    Seclog.log, located in C:\Program Files\Symantec\Symantec Endpoint Protection\seclog.log, is a RAW log.

    In your case, you could run the SEP Support Tool to collect the SEP logs, from which you could check it.

    http://www.symantec.com/docs/HOWTO72599

    OR

    You would have to open the SEP client on the client machine, click on View Logs, click on View Logs under Client Management, and then click on Security Logs.

    To export the logs, click on File and then click on Export.

    Hope that helps!!