Endpoint Protection

 View Only

  • 1.  In SEPM, How to increase syslog information logged?

    Posted Dec 25, 2012 08:52 AM

    Hi all,

     

    I am using the External Logging feature to export most of my SEPM logs to logs file.

    Unfortunately, some of the most important information doesn't appear in the log files, although it is accessible via the GUI.

     

    For example:

    1. the unique ID is missing in every log

    2. I audit "writing to USB devices", and the serial number and file size are not logged via syslog (although they appear in the sepm db).

     

    My question is - can I change that? can I set a more verbose syslog logging?

     

    Thanks,

    Marion.



  • 2.  RE: In SEPM, How to increase syslog information logged?

    Posted Dec 25, 2012 09:00 AM

    Hi,

    Check this thread may be help.

    https://www-secure.symantec.com/connect/forums/how-make-sure-sepm-log-saved-least-12-months



  • 3.  RE: In SEPM, How to increase syslog information logged?

    Posted Dec 26, 2012 04:42 AM

    Thanks Ashish, but unfortunately the thread treats a bit different subject.

     

    Is there any way to increase the auditing level to syslog (server or dump file) ? 



  • 4.  RE: In SEPM, How to increase syslog information logged?

    Posted Dec 26, 2012 04:59 AM

    hi,

    Try to increase severity levels...

    What sepm version are you using ?

     

    Exporting data to a Syslog server

    Article:HOWTO27571  |  Created: 2010-01-09  |  Updated: 2010-01-20  |  Article URL http://www.symantec.com/docs/HOWTO27571
     

    Symantec Endpoint Protection Manager logs all messages to syslog server with Informational severity

    Article:TECH98148  |  Created: 2009-01-16  |  Updated: 2010-08-17  |  Article URL http://www.symantec.com/docs/TECH98148