
Log Analyze

Created: 12 Sep 2012 • Updated: 22 Nov 2012 | 4 comments
This issue has been solved. See solution.

Hi All,

I need to know how, in Symantec logs, I can identify and analyze the logs for all activities done on SEPM, e.g. moving a client to a different group: what time? which user? pwd reset logs, etc. How can all types of activity logs be identified through the logs? Please submit your inputs.
 


Chetan Savade

Hi,

Not all activities are monitored; however, the event logs for administrator activities can be viewed in the SEPM console using the following steps:

  • Select the Monitors section to the left.
  • Select the Logs tab.
  • Choose Log type: System and Log Content: Administrative.
  • Select a Time range and click View Log.

Check the following article for more details:

Which administrator activities are logged in the Symantec Endpoint Protection Manager console?

http://www.symantec.com/docs/TECH141668

Similar thread: https://www-secure.symantec.com/connect/forums/log...

Promote this idea as well: https://www-secure.symantec.com/connect/ideas/client-movement-logs-audit

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

SOLUTION
Ashish-Sharma

Hi Ajhay,

You have configured Email Notification for SEP client movement

Check robinsharma's comments

https://www-secure.symantec.com/connect/forums/log-client-group-movement

robinsharma

 

Have you created the notification for Change Client Information?

If created, then please find the log of that system movement from the same email alerts, then do the steps below:

Log in to the console

Monitors > Logs > Log type: System, Log content: Administrative

Set the time range to the specified time.

Then View Result

The log there will display (computers moved, copied or deleted).

Check and match with your Notification mails.

 

Thanks In Advance

Ashish Sharma

 

 

.Brian

This is all done in the administrative log on the SEPM under Monitors.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.