
Date/Time - seclog.log

Created: 10 Aug 2012 | 1 comment

Hello,

I wonder if it's even possible to identify the date and time of an event recorded in seclog.log. Here is an example of the data:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

C:\Program Files\Symantec\Symantec Endpoint Protection>type seclog.log

00000001        00300000        00000000        00000001        00000000        0000000000000001    0000001e
000001a3        01cd32b0b8b50763        000000ce        00000003        6130900a        1432290a        00000002        00000000        00000002        01cd32b0
b053589c        01cd32b0b058138c        00000002        00000004        [SID: 24121] Web Attack: Malicious Toolkit Website 10 detected.
Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe         C:\Program Files\Internet Explorer\iexplore.exe 9^
 ←xî    █                                       Desktop Office  user DOM1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I do not always have access to a PC to use the GUI to check the log. And in this particular case, the SEP client hasn't uploaded logs to the SEP server, so I can't see them from the server side either. I can connect to the PC in question over the network and access seclog.log, but as shown above I cannot determine when the event happened.

Is there any way to find out when this event occurred?

Any help is much appreciated.

Regards,


Hello,

Seclog.log, located at C:\Program Files\Symantec\Symantec Endpoint Protection\seclog.log, is a RAW log.

In your case, you could run the SEP Support Tool to collect the SEP logs, from which you could check it.

http://www.symantec.com/docs/HOWTO72599

OR

You would have to open the SEP client on the client machine and click on View Logs >> Click on View Logs under Client Management and click on Security Logs.

To export the logs, click on File and then click on Export.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
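
The following is an added example, not part of the thread and not Symantec's own tooling: it scans the hex fields of the record quoted in the question and decodes the 16-digit ones on the assumption that they are Windows FILETIME values (100 ns ticks since 1601-01-01 UTC). The names `filetime_to_utc` and `find_timestamps` and the plausibility window are hypothetical choices made for this sketch.

```python
import re
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Hex fields copied from the record in the question. The field that the
# console wrapped across two lines (01cd32b0 / b053589c) is rejoined here.
SAMPLE = (
    "00000001 00300000 00000000 00000001 00000000 0000000000000001 0000001e "
    "000001a3 01cd32b0b8b50763 000000ce 00000003 6130900a 1432290a 00000002 "
    "00000000 00000002 01cd32b0b053589c 01cd32b0b058138c 00000002 00000004"
)

def filetime_to_utc(hex_field):
    """Decode a hex field, ASSUMING it is a FILETIME expressed in UTC."""
    ticks = int(hex_field, 16)           # 100-nanosecond intervals
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def find_timestamps(record, earliest=1995, latest=2100):
    """Return (position, field, datetime) for every 16-hex-digit field
    that decodes to a year inside the plausibility window."""
    hits = []
    for pos, tok in enumerate(record.split()):
        if not re.fullmatch(r"[0-9a-fA-F]{16}", tok):
            continue                     # 8-digit fields are not candidates
        try:
            when = filetime_to_utc(tok)
        except OverflowError:
            continue                     # value lies beyond year 9999
        # Drops counters such as 0000000000000001, which decode to 1601.
        if earliest <= when.year <= latest:
            hits.append((pos, tok, when))
    return hits

if __name__ == "__main__":
    for pos, tok, when in find_timestamps(SAMPLE):
        print(f"field {pos:2d}  {tok}  {when.isoformat()}")
```

Under that assumption, the first matching field of the sample record decodes to 2012-05-15 15:38:05 UTC; the result should be checked against a record whose time is already known from the client GUI before relying on it.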