Endpoint Protection

 View Only

  • 1.  Symantec System Center 10.1.8.8000 login logs

    Posted Sep 07, 2009 05:23 AM
    Hi guys,

    I use SSC for some weeks and some setting are changed, but I am sure they have not been selected before. The problem is that somehow server group were selected not to obtain AV defs from the parent server and now some machines are seriously outdated.

    Is there any way to view past 10 logins or changes ( made by who ?) applied to the console ?
    Because I suspect someone is making tricks her and I am not very happy with that.

    Thanks


  • 2.  RE: Symantec System Center 10.1.8.8000 login logs

    Posted Sep 07, 2009 06:39 AM

    This is what if found in help file, this should help you out.

    Symantec Client Security events
    Table 1 lists events that are forwarded to the Symantec System Center. Many, but not all, of these events appear in the Windows 2000/XP Application Log.

    Also, the Windows Application Log might not completely conform to this list. For example, event number 34 appears as a log forwarding error in the Symantec System Center, but the event number 34 appears as an Information event for starting Event and Settings Manager.

    Table 1. Events

    Event
     Event number
     Description
     
    Scan Stopped
     2
     Occurs when antivirus scanning completes.
     
    Scan Started
     3
     Occurs when antivirus scanning starts.
     
    Definition File Sent To Server
     4
     Occurs when a parent server sends a .vdb file to a secondary server.
     
    Virus Found
     5
     Occurs when scanning detects a virus.
     
    Scan Omission
     6
     Occurs when scanning fails to gain access to a file or directory.
     
    Definition File Loaded
     7
     Occurs when Symantec Client Security loads a new .vdb file.
     
    Checksum
     10
     Occurs when a checksum error occurs when verifying a digitally signed file.
     
    Auto-Protect
     11
     Occurs when Auto-Protect is not fully operational.
     
    Configuration Changed
     12
     Occurs when a server updates its configurations according to the changes made from the console, excluding configuration changes made in the PRODUCTCONTROL or DOMAINDATA registry keys.

    let me know if you have any question...



     
     



  • 3.  RE: Symantec System Center 10.1.8.8000 login logs

    Posted Sep 07, 2009 06:55 AM
    Login to SSC
    Right click on primary server
    select symanetc antivirus
    select logs
    select event log
    click on the small icon...says about what to display
    check configurations
    now this wil show who logged in ( admin )
    and says the total number of configuration changes
    it will not say what changed, just gives the count



  • 4.  RE: Symantec System Center 10.1.8.8000 login logs

    Posted Sep 07, 2009 07:04 AM
     Open SSC and go to:
    - All Tasks 
    - Symantec Antivirus
    - Logs
    - Eventlog
    imagebrowser image

    from here you can see who changed the configuration 

    Update: Rafeeq to fast for me :)


  • 5.  RE: Symantec System Center 10.1.8.8000 login logs

    Posted Sep 07, 2009 07:57 AM
    It's reading the log entries really slow, but someone is going behind the bars :)
    Thanks a lot guys, really appreciate this help