Endpoint Protection

  • 1.  How to disable system event logging on event viewer

    Posted Apr 14, 2015 12:32 AM

    Hi folks,

     

    My client has a bunch of events in the system Event Viewer after installing the SEP client on Windows and Linux servers.

    Since they are monitoring these events and got too many messages, I have asked to disable this system event logging.

    (They want to see these logs only through SEPM.)

    Is there any way to disable SEP system event logging but still log to SEPM?

     

    Thanks in advance.



  • 2.  RE: How to disable system event logging on event viewer

    Trusted Advisor
    Posted Apr 14, 2015 02:21 AM

    Hello,

    I am not sure if you could disable the Windows / Linux system events for a specific application (in your case, Symantec Endpoint).

    What I know is how to Start/Stop the Windows Event Log service.

    • Type services.msc and press Enter.
    • Locate Windows Event Log, observe its current status, and open it to make changes.
    • From the General tab you can Start/Stop and change the Windows Event Log.
    • To finish, press the OK button and close the Services window.

    As for the Symantec Endpoint Protection Manager, it continues to maintain its system event notifications -

     

    notification.png

     

    Regards,



  • 3.  RE: How to disable system event logging on event viewer

    Posted Apr 14, 2015 04:17 AM

    Hello Mithun,

    Thanks for your answer, but we can't disable the Windows event service just for SEP.

    If possible, I hope Symantec SEP has a function to disable only SEP system event logging.



  • 4.  RE: How to disable system event logging on event viewer

    Trusted Advisor
    Posted Apr 14, 2015 04:40 AM

    Hello,

    Yes, you can disable it by removing the notification as shown in the above screenshot, and if you check the monitor --> logs, you will find the relevant log information from clients to server.

    Events that are logged on the local client and forwarded on to the Symantec Endpoint Protection Manager. Many, but not all, of these events appear in the Windows Application Log.

    The following article should answer your query.

    Symantec Endpoint Protection 12.1.x event log entries

    http://www.symantec.com/docs/TECH186925

    That means the list of events in the above article are all logged in the SEPM server and some other events (not listed in there) are also listed in the Windows Event Viewer \ Application log.

    SEP will also write to its own Windows event log called Symantec Endpoint Protection Client.

    Capture_38.JPG

    However, the logs on the SEP client will contain more info for sure.

     



  • 5.  RE: How to disable system event logging on event viewer
    Best Answer

    Posted Apr 14, 2015 06:04 AM
    I don't believe you can disable SEP writing to the Windows event log.


  • 6.  RE: How to disable system event logging on event viewer

    Posted Apr 14, 2015 07:50 AM

    Hello,

    I guess the guide you gave is for blocking notification messages from SEPM.

    My client uses their own server monitoring agent, which monitors the server event log, and this agent generates too many messages for SEP logs.

    So they want to disable SEP writing logs to the server Event Viewer for Windows servers and also, for Linux, to /var/log/messages.