Endpoint Protection

  • 1.  Extract Application Logs

    Posted Aug 09, 2016 05:07 AM

    Hi

    I'm trying to extract Application & Device Control's Application logs but was restricted by the time frame. As usual SEPM cannot provide logs older than 6 hours or so.

    I'm trying to extract from SQL but I'm not good at it. I need the following information. Kindly let me know if someone has got an idea:

    Event Type = Application Control Rules

    Host Name

    IP Address

    Action

    Begin Time

    Rule Name

    Target



  • 2.  RE: Extract Application Logs

    Posted Aug 09, 2016 07:21 AM

    Limited how? How long are you keeping those logs? 6 hours is way too short.



  • 3.  RE: Extract Application Logs

    Posted Aug 09, 2016 07:25 AM

    This is the closest I have found.

    Apparently, if you have Application & Device policies enabled, you can read the recorded USB activities from the AGENT_BEHAVIOUR_LOG tables. We currently don't use ADC, so this is just a simplistic sample.

    -- SEPM keeps the agent behaviour log in two rotating tables with the same layout;
    -- both have to be read to get the full retained history.
    SELECT * FROM AGENT_BEHAVIOUR_LOG_1
    UNION
    SELECT * FROM AGENT_BEHAVIOUR_LOG_2
    ORDER BY TIME_STAMP

     

    If you need more details, build your own query from the schema.

     

    Symantec Endpoint Protection 12.1.6 database schema

     


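    An added example (not from the thread, and not Symantec's own query) that builds on the two-table UNION above to return just the fields asked for in post 1. Column names (EVENT_ID, HOST_NAME, LOCAL_HOST_IP, ACTION, BEGIN_TIME, RULE_NAME, PARAMETER) and the use of EVENT_ID 502 for "Application Control Rules" are assumptions taken from memory of the SEPM 12.1.6 schema document and must be checked against it; SEPM stores timestamps as milliseconds since the Unix epoch, which the T-SQL below converts at the edges of the query so the filter on TIME_STAMP can still use an index. The query only returns what the database has retained, so the log retention setting in SEPM decides how far back it can reach.

```sql
-- Added example, not code from the thread or from Symantec.
-- Assumed: SQL Server back end, epoch-millisecond timestamps, and the
-- column names below (verify against the SEPM 12.1.6 database schema).

-- Time window, converted once to epoch milliseconds so the WHERE clause
-- compares raw BIGINT values instead of converting every row.
DECLARE @start DATETIME = '2016-08-01T00:00:00';
DECLARE @end   DATETIME = '2016-08-09T00:00:00';
DECLARE @start_ms BIGINT = CAST(DATEDIFF(SECOND, '1970-01-01', @start) AS BIGINT) * 1000;
DECLARE @end_ms   BIGINT = CAST(DATEDIFF(SECOND, '1970-01-01', @end)   AS BIGINT) * 1000;

-- Assumed event id for "Application Control Rules" in AGENT_BEHAVIOUR_LOG.
DECLARE @adc_rules_event INT = 502;

WITH adc_events AS (
    -- The two rotating tables have the same layout; UNION ALL avoids the
    -- sort-and-dedupe step that plain UNION adds on large log tables.
    SELECT TIME_STAMP, BEGIN_TIME, EVENT_ID, HOST_NAME, LOCAL_HOST_IP,
           ACTION, RULE_NAME, PARAMETER
    FROM   AGENT_BEHAVIOUR_LOG_1
    WHERE  EVENT_ID = @adc_rules_event
      AND  TIME_STAMP BETWEEN @start_ms AND @end_ms
    UNION ALL
    SELECT TIME_STAMP, BEGIN_TIME, EVENT_ID, HOST_NAME, LOCAL_HOST_IP,
           ACTION, RULE_NAME, PARAMETER
    FROM   AGENT_BEHAVIOUR_LOG_2
    WHERE  EVENT_ID = @adc_rules_event
      AND  TIME_STAMP BETWEEN @start_ms AND @end_ms
)
SELECT
    'Application Control Rules'                        AS EVENT_TYPE,
    HOST_NAME,
    LOCAL_HOST_IP,                                     -- assumed raw form; convert if stored as an integer
    ACTION,                                            -- numeric action code as stored; map to text per the schema doc
    DATEADD(SECOND, BEGIN_TIME / 1000, '1970-01-01')   AS BEGIN_TIME_UTC,
    RULE_NAME,
    PARAMETER                                          AS TARGET   -- assumed: the file/process the rule matched
FROM   adc_events
ORDER  BY TIME_STAMP;
```

    Run it against the SEPM database with a read-only account; if the column names differ in your schema version, adjust only the inner SELECT lists and the outer aliases, the window and event-type filtering stay the same.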

  • 4.  RE: Extract Application Logs

    Posted Aug 09, 2016 07:30 AM

    simple indeed !! provides no value !!