Endpoint Protection

  • 1.  SEPM log retention and location

    Posted Aug 26, 2015 10:06 PM

    Hi,

     

    I have SEPM server version 12.1.2. I need to check the log size in the SEPM folder location. Can you help me find the exact path for the audit and administrative logs? Also, can I set the log retention to 1 year? Is there a maximum log retention that can be configured in SEPM? Thanks

     

    Best Regards,



  • 2.  RE: SEPM log retention and location

    Posted Aug 26, 2015 10:10 PM

    Yes you can configure for as long as you need, see here for SEPM:

    Managing log data in the Symantec Endpoint Protection Manager (SEPM)

    For clients themselves:

    How to manage SEP client log retention settings

    All logs on SEPM can be found here:

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox



  • 3.  RE: SEPM log retention and location

    Posted Aug 26, 2015 10:46 PM

    Hi,

     

    There is no information at the link you provided for Managing log data in the SEPM. Thanks



  • 4.  RE: SEPM log retention and location

    Posted Aug 26, 2015 11:06 PM

    The article has info on configuring settings in SEPM, etc. What are you looking for then?



  • 5.  RE: SEPM log retention and location

    Posted Aug 26, 2015 11:32 PM

    I need to see the audit log and its file size, for me to check if I can configure to have a 1 year log retention. Thanks



  • 6.  RE: SEPM log retention and location

    Posted Aug 27, 2015 12:38 AM

    All logs are captured and processed in SEPM and stored in the database, so you can't actually see how much space they are occupying on the local disk.



  • 7.  RE: SEPM log retention and location

    Trusted Advisor
    Posted Aug 28, 2015 03:51 PM
    Hello,
     
    The Audit log contains information about policy modification activities, such as the event times and types, policy modifications, domains, sites, administrators, and descriptions.
     
    The default Audit quick report is called Policies Used. View the Policies Used report to monitor the policies in use in your network, by group. You can look at the Audit log when you want to see which administrator changed a particular policy and when.
     
    The audit log may be viewed by running the following query against the SEPM database:
     
    use sem5;
    select DATEADD(s, TIMESTAMP/1000, '1970-01-01 00:00:00') as DATETIME, *
    from V_AUDIT_LOG order by DATETIME desc;
     
    (http://www.symantec.com/docs/TECH224695)
     
    The SEPM stores by default only 20 thousand entries or 60 days of logs for these controls.
     
    You need to change the number of control logs to be stored.
    1. Open the SEPM > Admin > Servers
    2. Select the database icon "localhost" and right-click on "Edit Database Properties"
    3. Select the Log Settings tab and change the "Control Log Limit" to increase the amount of logs for application control logs.
     
    NOTE: When the number of entries is increased, the database will increase and will consume more disk space.
     
    Hope that helps!


  • 8.  RE: SEPM log retention and location

    Posted Aug 31, 2015 01:00 AM

    Usually the logs don't occupy much space in the SEPM database compared to the client packages and the definition files that you keep in SEPM, which occupy a large amount of space in the database. One more thing, if you have application learning enabled in SEPM, that might take up a little space.

     

    The maximum number of log entries allowed is 999999999.

    The maximum number of days for which those entries can be kept is 9999.
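
An added example, not part of any post in this thread: a query that sizes a one-year audit-log retention by entry count, since the thread says the logs live in the database and are limited by number of entries and days. It assumes the MS SQL Server database `sem5` and the `V_AUDIT_LOG` view with its millisecond `TIMESTAMP` column, as used in the query in reply 7; the output column names are illustrative.

```sql
-- Added example (not from the thread). Assumes database sem5 and view
-- V_AUDIT_LOG with TIMESTAMP in epoch milliseconds, as in reply 7's query.
use sem5;

with audit as (
    -- Same epoch-milliseconds to datetime conversion as the query in reply 7
    select DATEADD(s, TIMESTAMP/1000, '1970-01-01 00:00:00') as EVENT_TIME
    from V_AUDIT_LOG
),
span as (
    -- How many entries are currently retained, and over how many days
    select count(*)        as ENTRIES,
           min(EVENT_TIME) as OLDEST,
           max(EVENT_TIME) as NEWEST,
           DATEDIFF(day, min(EVENT_TIME), max(EVENT_TIME)) + 1 as DAYS_COVERED
    from audit
)
select ENTRIES,
       OLDEST,
       NEWEST,
       DAYS_COVERED,
       -- Observed rate; NULL when the view is empty
       cast(ENTRIES as float) / DAYS_COVERED                as ENTRIES_PER_DAY,
       -- Entry count a 365-day retention would need at that rate
       ceiling(cast(ENTRIES as float) / DAYS_COVERED * 365) as ENTRIES_FOR_365_DAYS
from span;
```

If `ENTRIES` already equals the configured entry limit, older rows have been purged and the observed rate is a lower bound. Compare `ENTRIES_FOR_365_DAYS` with the entry limit on the Log Settings tab before raising the day limit to 365.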