Endpoint Protection

SEPM Application and Device Control Logs

  • 1.  SEPM Application and Device Control Logs

    Posted May 05, 2014 09:37 AM

    Hello everyone,

     

    I have a question about the application and device control logs which can be seen on SEPM. When I set the criteria for displaying logs for the last three months, I can only see logs for one month, though I know that there was blocking in those two months which aren't shown on SEPM.

    The version of SEPM is 12.1.2.

    Secondly, when configuring log retention, there are two ways in which it can be done. The first is that we can set the log retention period in the edit database properties by going into ADMIN > local site > edit site properties.

    The second option is Clients > My company > Log setting.

    What is the difference between the two? And if we have configured different parameters in both, which takes precedence?

    Waiting for your kind replies. Regards,



  • 2.  RE: SEPM Application and Device Control Logs

    Posted May 05, 2014 09:40 AM

    How long do you keep logs? I believe default is 60 days.

    For the first option, this is how long SEPM will retain logs.

    For the second option, this is how long client will retain logs.

    Using your first option, you can see how long they're being kept.



  • 3.  RE: SEPM Application and Device Control Logs

    Posted May 05, 2014 09:45 AM

    Thanks for your reply, Brian. Yes, in Admin > local host > edit database properties it is 60 days.

    But when I go into Clients > My company > Log settings, I see that the retention period for the control log is 14 days.

    What is the difference between both? And which takes precedence? 60 days or 14 days?

     

    Regards,



  • 4.  RE: SEPM Application and Device Control Logs

    Posted May 05, 2014 09:47 AM

    So according to this, what happens after 60 days? Previous logs are flushed? For example, if I want to view logs for the last year, they won't be shown?

     

    Regards,



  • 5.  RE: SEPM Application and Device Control Logs

    Posted May 05, 2014 09:48 AM

    The SEPM retains all logs (from clients) for 60 days total.

    The client retains its logs for 14 days total before purging. SEPM will still keep these though for a total of 60 days.



  • 6.  RE: SEPM Application and Device Control Logs

    Posted May 05, 2014 09:49 AM

    Correct. SEPM only keeps 60 days' worth. You can adjust to keep a year's worth, but you better have adequate space or, better yet, move to a syslog server.



  • 7.  RE: SEPM Application and Device Control Logs

    Posted May 05, 2014 09:54 AM

    Please consider this according to my current scenario.

    As the criteria is for the last three months to show logs: 3 months = 90 days.

    The default retention period is 60 days.

    Today I run the query to display logs of the last three months. Only the last two months' logs will be shown? Meaning, as of now, logs for April and May?

    Waiting for your kind reply. Regards,



  • 8.  RE: SEPM Application and Device Control Logs
    Best Answer

    Posted May 05, 2014 09:58 AM

    Yes, correct. If you need the SEPM to retain 90 days' worth of logs then you will need to change it to be 90 days. 60 days back will show you a good chunk of March as well.



  • 9.  RE: SEPM Application and Device Control Logs

    Posted May 06, 2014 03:40 AM

    Why isn't SEPM showing logs for 2 months then? Why is it showing application and device control for 3 days? What troubleshooting am I required to do? Please do reply.

     

    Best Regards,

     

     



  • 10.  RE: SEPM Application and Device Control Logs

    Posted May 06, 2014 04:47 AM

    Just posted in your other thread:

    https://www-secure.symantec.com/connect/forums/application-and-device-control-logs-missing-sepm#comment-10086481



  • 11.  RE: SEPM Application and Device Control Logs

    Posted May 11, 2014 03:34 AM

    Thanks for your reply, Brian.