Hello,
You can collect the Compliance Logs.
(SEPM > MONITORS > LOGS > Change the Logs type to "Compliance" > Advance Settings)
The compliance logs contain information about the Enforcer server, Enforcer clients, and Enforcer traffic, and about host compliance.
The following compliance logs are available if you have Symantec Network Access Control installed:
-
Enforcer Server
This log tracks communication between Enforcers and their management server. Information that is logged includes Enforcer name, when it connects to the management server, the event type, site, and server name.
-
Enforcer Client
Provides the information on all Enforcer client connections, including peer-to-peer authentication information. Available information includes time, each Enforcer's name, type, site, remote host, and remote MAC address, and whether or not the client was passed, rejected, or authenticated.
-
Enforcer Traffic (Gateway Enforcer only)
Provides some information about the traffic that moves through an Enforcer appliance. Available information includes the time, the Enforcer name, the Enforcer type, and site. The information also includes the local port that was used, the direction, action, and a count. You can filter on the connection attempts that were allowed or blocked.
-
Host Compliance
This log tracks the details of Host Integrity checks of clients. Available information includes the time, event type, domain/group, computer, user, operating system, description, and location.
Reference:
About log types