Endpoint Protection

  • 1.  How do I enable ability to clear NTP logs from client?

    Posted Aug 23, 2013 11:10 AM

    I need to work through false positives (blocked) in the NTP (traffic) log on managed SEP12.1.3 clients. How do I enable the ability to clear NTP logs from the client through policy in SEPM? Also, can I manually delete the Tralog from clients, and should I stop SMC first?

    Thanks in advance, this forum rocks!



  • 2.  RE: How do I enable ability to clear NTP logs from client?

    Posted Aug 23, 2013 11:24 AM
    I believe you need to set the client to user mode. Yep, try stopping smc first.


  • 3.  RE: How do I enable ability to clear NTP logs from client?

    Trusted Advisor
    Posted Aug 23, 2013 11:29 AM

    Hello,

    To help control hard disk space, you can decrease the number of log entries that the database keeps. You can also configure the number of days the entries are kept.

    Log information on the Symantec Endpoint Protection Manager console Logs tab on the Monitors page is presented in logical groups for you to view. The log names on the Site Properties Log Settings tab correspond to log content rather than to log types on the Monitors page Logs tab.

    To specify how long to keep log entries in the database

    1. In the console, click Admin.

    2. Under Servers, expand Local Site, and click the database.

    3. Under Tasks, click Edit Database Properties.

    4. On the Log Settings tab, set the number of entries and number of days to keep log entries for each type of log.

    5. Click OK.

    To clear log data from the database manually

    1. To prevent an automatic sweep of the database until after a backup occurs, increase a site's log sizes to their maximums.

    2. Perform the backup, as appropriate.

    3. On the computer where the manager is installed, open a Web browser and type the following URL:

      https://localhost:8443/servlet/ConsoleServlet?ActionType=ConfigServer&action=SweepLogs

      After you have performed this task, the log entries for all types of logs are saved in the alternate database table. The original table is kept until the next sweep is initiated.

    4. To empty all but the most current entries, perform a second sweep. The original table is cleared and entries then start to be stored there again.

    5. Return the settings on the Log Settings tab of the Site Properties dialog box to your preferred settings.

    Check these Articles:

    http://www.symantec.com/docs/HOWTO81197

    http://www.symantec.com/docs/HOWTO81198

    http://www.symantec.com/docs/HOWTO81208

    Hope that helps!!


  • 4.  RE: How do I enable ability to clear NTP logs from client?

    Broadcom Employee
    Posted Aug 23, 2013 11:49 AM

    Hello,

    Thank you for posting in Symantec community.

    I would be glad to answer your query.

    Change the log settings in the SEPM

    Navigate to the following location: SEPM --> Admin --> Servers --> Select 'Local database'--> Right click & Click on Edit database properties --> Go to the 'log settings'

    Screenshot is attached to the reference.

    You can change the settings to 1 day to wipe out old logs immediately.

    Risk log setting in SEPM_1.png



  • 5.  RE: How do I enable ability to clear NTP logs from client?
    Best Answer

    Posted Aug 24, 2013 05:41 AM

    As Brian says, you have to switch the client to client mode:

    SEPM  > Clients > [Group] > Policies > Location-specific settings >
    Client User Interface Control settings > Client Control

    Then you can delete the NTP log on the client:

    Client GUI > Status > Network Threat Protection > Options/Change settings > Logs >
    Clear Traffic Log File

    Don't forget to switch back to Server Control.

    It's not necessary to stop smc.exe.



  • 6.  RE: How do I enable ability to clear NTP logs from client?

    Posted Aug 26, 2013 12:35 PM

    In testing, I'm unable to delete tralog.log, even if I stop smc.

    Either way, setting to client mode will allow you to clear the log from the client.



  • 7.  RE: How do I enable ability to clear NTP logs from client?

    Posted Aug 26, 2013 12:38 PM

    Hi Brian,

    I found that with the service stopped, one can rename tralog.log to .old. Once the service starts, a new Tralog.log is created.