Hello,
The Audit log contains information about policy modification activities, such as the event times and types, policy modifications, domains, sites, administrators, and descriptions.
The default Audit quick report is called Policies Used. View the Policies Used report to monitor the policies in use in your network, by group. You can look at the Audit log when you want to see which administrator changed a particular policy and when.
The audit log may be viewed by running the following query against the SEPM database:
use sem5;
select DATEADD(s, TIMESTAMP/1000, '1970-01-01 00:00:00') as DATETIME, *
from V_AUDIT_LOG order by DATETIME desc;
(http://www.symantec.com/docs/TECH224695)
The SEPM stores by default only 20 thousand entries or 60 days of logs for these controls.
You need change the number of control logs to be stored.
- Open the SEPM > Admin > Servers
- Select the database icon ''localhost'' and right click the mouse on ''Edit Database Properties''
- Select the Log Settings tab and change the ''Control Log Limit'' for increase the amount of logs for application control logs.
NOTE: When the number of entries be increased then the database will increase and will consume more disk space.
Hope that helps!