Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM11 audit logs

Created: 09 Jan 2013 • Updated: 23 Jan 2013 | 2 comments
This issue has been solved. See solution.


 We are upgrading the SEPM11 version from SAV and i am new to the Endpoint protection.

 Could any one tell how to view audit logs in SEPM11 , For eg: I am moving system from one subgroup to another. how to view which user & when the system got moved in logs.

 Could any one share me the videos relate to SEPM11 configuration with AV,AS,PTP,NTP for Best practices.

Comments 2 CommentsJump to latest comment

.Brian's picture

For Audit logs, go to Monitors page >> Logs tab

Select Audit for Log type

Check here:

Symantec Endpoint Protection Recommended Best Practices for Securing an Enterprise Environment

Article:TECH166816  |  Created: 2011-08-10  |  Updated: 2012-11-30  |  Article URL

Top "Best Practices" Articles for Symantec Endpoint Protection (SEP) 11.0x

Article:TECH181685  |  Created: 2012-02-17  |  Updated: 2012-03-01  |  Article URL

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture


The Audit log contains information about policy modification activities, such as the event times and types, policy modifications, domains, sites, administrators, and descriptions.

The default Audit quick report is called Policies Used. View the Policies Used report to monitor the policies in use in your network, by group. You can look at the Audit log when you want to see which administrator changed a particular policy and when.

About the reports you can run

Check these Articles:

About log types

About Computer Status reports and logs

About the different types of Symantec Endpoint Protection Manager Reports

For Client updates:

Monitors > Logs >  [Log type] System > [Log content] Client Activity > Advanced Settings > [Event type] Installation events


If you're using AutoUpgrade method to upgrade your clients, you can also try the following:

Monitors > Logs >  [Log type] System > [Log content] Client-Server Activity > Advanced Settings > [Event type] AutoUpgrade download

As far as video's are concerned -

Check the Best Practices Downloadable Documents - 

Configuring the Symantec Endpoint Protection 11.x Client for Self-Protection

SEP Sizing and Scalability recommendations v2.3

Top 25 Best Practices for Symantec Endpoint Protection 11.0

Hope that helps!!

Mithun Sanghavi
Senior Consultant

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.