Hello,
I wonder if it's even possible to identify date and time of an event recorded in seclog.log. Here is an example of the data:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
C:\Program Files\Symantec\Symantec Endpoint Protection>type seclog.log
00000001 00300000 00000000 00000001 00000000 0000000000000001 0000001e
000001a3 01cd32b0b8b50763 000000ce 00000003 6130900a 1432290a 00000002 00000000 00000002 01cd32b0
b053589c 01cd32b0b058138c 00000002 00000004 [SID: 24121] Web Attack: Malicious Toolkit Website 10 detected.
Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe 9^
←xî █ Desktop Office user DOM1
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I do not always have access to a PC to use the GUI to check the log. And in this particular case, the SEP client hasn't uploaded logs to the SEP server, so I can't see them from the server side either. I can connect to the PC in question over the network and access seclog.log, but as shown above I cannot determine when the event happened.
Is there any way to find out when this event occurred?
Any help is much appreciated.
Regards,
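
Added example, not part of the original post and not Symantec's code: the 16-hex-digit fields in the record above (for instance 01cd32b0b8b50763) have the shape of Windows FILETIME values, that is, 100-nanosecond ticks since 1601-01-01 UTC. Assuming that interpretation, which the post does not confirm, the sketch below pulls such fields out of the raw text and decodes them; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: 16-hex-digit fields in seclog.log are Windows FILETIME values.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
HEX64 = re.compile(r"\b[0-9a-fA-F]{16}\b")

# First lines of the record, copied from the post.
SAMPLE = """\
00000001 00300000 00000000 00000001 00000000 0000000000000001 0000001e
000001a3 01cd32b0b8b50763 000000ce 00000003 6130900a 1432290a 00000002 00000000 00000002 01cd32b0
b053589c 01cd32b0b058138c 00000002 00000004 [SID: 24121] Web Attack: Malicious Toolkit Website 10 detected.
"""

def filetime_to_utc(value):
    """Convert 100 ns ticks since 1601-01-01 UTC to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)

def candidate_timestamps(text, min_year=1990, max_year=2100):
    """Return (hex_token, datetime) pairs for plausible FILETIME fields.

    Counters and IDs that happen to be 16 hex digits long (such as
    0000000000000001) decode to the year 1601 or overflow, so they are
    dropped by the year filter. A value split by console line wrapping
    (01cd32b0 / b053589c in the sample) is not rejoined.
    """
    results = []
    for token in HEX64.findall(text):
        try:
            when = filetime_to_utc(int(token, 16))
        except OverflowError:
            continue  # too large to be a date at all
        if min_year <= when.year <= max_year:
            results.append((token, when))
    return results

if __name__ == "__main__":
    for token, when in candidate_timestamps(SAMPLE):
        print(token, when.isoformat())
```

The decoded values are UTC; which field is the event time and which is the time the record was written is not stated in the post.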