Video Screencast Help

SEPM11 audit logs

Created: 09 Jan 2013 • Updated: 23 Jan 2013 | 2 comments
This issue has been solved. See solution.

Hi,

 

 We are upgrading the SEPM11 version from SAV and i am new to the Endpoint protection.

 Could any one tell how to view audit logs in SEPM11 , For eg: I am moving system from one subgroup to another. how to view which user & when the system got moved in logs.

 Could any one share me the videos relate to SEPM11 configuration with AV,AS,PTP,NTP for Best practices.

Comments 2 CommentsJump to latest comment

.Brian's picture

For Audit logs, go to Monitors page >> Logs tab

Select Audit for Log type

Check here:

Symantec Endpoint Protection Recommended Best Practices for Securing an Enterprise Environment

Article:TECH166816  |  Created: 2011-08-10  |  Updated: 2012-11-30  |  Article URL http://www.symantec.com/docs/TECH166816

 

Top "Best Practices" Articles for Symantec Endpoint Protection (SEP) 11.0x

Article:TECH181685  |  Created: 2012-02-17  |  Updated: 2012-03-01  |  Article URL http://www.symantec.com/docs/TECH181685

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

The Audit log contains information about policy modification activities, such as the event times and types, policy modifications, domains, sites, administrators, and descriptions.

The default Audit quick report is called Policies Used. View the Policies Used report to monitor the policies in use in your network, by group. You can look at the Audit log when you want to see which administrator changed a particular policy and when.

About the reports you can run

Check these Articles:

About log types

http://www.symantec.com/docs/HOWTO27271

About Computer Status reports and logs

http://www.symantec.com/docs/TECH95541

About the different types of Symantec Endpoint Protection Manager Reports

http://www.symantec.com/docs/TECH95538

For Client updates:

Monitors > Logs >  [Log type] System > [Log content] Client Activity > Advanced Settings > [Event type] Installation events

OR

If you're using AutoUpgrade method to upgrade your clients, you can also try the following:

Monitors > Logs >  [Log type] System > [Log content] Client-Server Activity > Advanced Settings > [Event type] AutoUpgrade download

 

As far as video's are concerned - 

https://www-secure.symantec.com/connect/security/videos

Check the Best Practices Downloadable Documents - 

Configuring the Symantec Endpoint Protection 11.x Client for Self-Protection

SEP Sizing and Scalability recommendations v2.3

Top 25 Best Practices for Symantec Endpoint Protection 11.0

http://www.symantec.com/connect/articles/top-25-best-practices-symantec-endpoint-protection-110

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION