Endpoint Protection

 View Only

  • 1.  Policy modification data

    Posted Jan 28, 2013 12:33 AM
    I have one auditable query. I want the data of policy modifcation. When policy has change what change has been made and from which id. I required the last 6 month data. Any idea how to get it.


  • 2.  RE: Policy modification data

    Posted Jan 28, 2013 12:39 AM

    Hi,

     
    Currently this facility not available you can vote up this idea for future release.
     
     


  • 3.  RE: Policy modification data

    Broadcom Employee
    Posted Jan 28, 2013 12:56 AM
    you will get to know who made the changes however the changes that have been made is not currently available.


  • 4.  RE: Policy modification data

    Posted Jan 28, 2013 12:58 AM
    So you mean that this information not store in sep database


  • 5.  RE: Policy modification data

    Posted Jan 28, 2013 01:13 AM

    Agreed with above comments.



  • 6.  RE: Policy modification data

    Posted Jan 28, 2013 01:16 AM

    Yes, Currently this details not available in sepm database



  • 7.  RE: Policy modification data
    Best Answer

    Trusted Advisor
    Posted Jan 28, 2013 01:54 AM

    Hello,

    The Audit log contains information about policy modification activities, such as the event times and types, policy modifications, domains, sites, administrators, and descriptions.

    The default Audit quick report is called Policies Used. View the Policies Used report to monitor the policies in use in your network, by group. You can look at the Audit log when you want to see which administrator changed a particular policy and when.

    Check this - http://www.symantec.com/docs/HOWTO27244

    About the reports you can run

    Check these Articles:

    About log types

    http://www.symantec.com/docs/HOWTO27271

    About Computer Status reports and logs

    http://www.symantec.com/docs/TECH95541

    About the different types of Symantec Endpoint Protection Manager Reports

    http://www.symantec.com/docs/TECH95538

    For Client updates:

    Monitors > Logs >  [Log type] System > [Log content] Client Activity > Advanced Settings > [Event type] Installation events

    OR

    If you're using AutoUpgrade method to upgrade your clients, you can also try the following:

    Monitors > Logs >  [Log type] System > [Log content] Client-Server Activity > Advanced Settings > [Event type] AutoUpgrade download

    Reference: https://www-secure.symantec.com/connect/forums/sepm11-audit-logs

    Hope that helps!!



  • 8.  RE: Policy modification data

    Posted Jan 28, 2013 02:52 AM

    Have a look here:

    About the information in the Audit report and log

    http://www.symantec.com/docs/HOWTO27244

    ...as per KB:

    - audit report will give you information about policies being used and policy assignements

    - audit log will show you all the policy related activities (policy added. edited etc.) - and what administrator has implemented the changes.