Log Analyze
Created: 12 Sep 2012 | Updated: 22 Nov 2012 | 4 comments
This issue has been solved. See solution.
Hi All,
I need to know how, in the Symantec logs, I can identify and analyze the logs for all activities done on SEPM, e.g. moving a client to a different group: what time? Which user? Pwd reset logs, etc. How can all types of activity logs be identified through the logs? Please submit your inputs.
Hi,
Not all the activities are monitored; however, the event logs for administrator activities can be viewed in the SEPM console using the following steps:
Check following article for more details:
Which administrator activities are logged in the Symantec Endpoint Protection Manager console?
http://www.symantec.com/docs/TECH141668
Similar thread: https://www-secure.symantec.com/connect/forums/log...
Promote this idea as well: https://www-secure.symantec.com/connect/ideas/client-movement-logs-audit
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi Ajhay,
Check this thread
https://www-secure.symantec.com/connect/forums/log-client-group-movement
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi Ajhay,
You have configured Email Notification for SEP client movement
Check robinsharma's comments
https://www-secure.symantec.com/connect/forums/log-client-group-movement
robinsharma
Have you created the notification for Change Client Information?
If created, then please find the log of that system movement from the same email alerts, then do the steps below:
Login Console
Monitors > Logs > Log type: System, Log content: Administrative
Set the time range with specified time.
Then View Result
There the log will display (computers moved, copied or deleted).
Check and match with your Notification mails.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
This is all done in the administrative log on the SEPM under Monitors.
SEP Knowledge Base
Endpoint SWAT