
Is there a way to regularly email data from Monitors - Logs

Created: 16 Nov 2012 | 5 comments

Mighty all,

I'm looking for a way to email myself on a regular basis data from Monitors-Logs-Network Threat Protection-Traffic. Is there a way to do so without leveraging 3rd party tools like SQL Reporting?

Thanks in advance!


Ashish-Sharma's picture

Hi,

Check this, it may help.

Network Threat Protection Email Notifications

You may want to create a Network Threat Protection notification that is triggered when a traffic
event matches the criteria that are set for a firewall rule.

To create this type of notification, you must perform the following tasks:
 

  • In the Firewall Policy Rules list, check the Send Email Alert option in the Logging column of the rules you want to be notified about.
  • On the Notifications tab, configure a Client security alert for Network Threat Protection, Packet, or Traffic events.
  • Run a batch file or other kind of executable file.

Note: To send notifications by email, you must also configure a mail server. To configure a mail
server, click the Admin > Servers page, select a server, click Edit Server Properties, and then
click the Mail Server tab.

See “Configuring notifications for Network Threat Protection” below, or on page 483 of the
Administration_Guide.PDF

For a description of each configurable option, you can click Tell me more on the
Symantec Endpoint Protection Manager Console. Tell me more displays context-sensitive Help.

Note: You can filter your view of the Notification Conditions you have created by using the Show
notification types list box. To be sure that the new notifications that you create are displayed, make
sure that All is selected in this list box.

To Create a Network Threat Protection administrative notification:
 

  1. In the management console, click Monitors.
  2. On the Notifications tab, click Notification Conditions.
  3. Click Add and select Client security alert.
  4. Type in a name for this notification.
  5. If you want to limit this notification to specific domains, groups, servers, or computers, specify the filter options that you want.
  6. To further filter when the notification is sent select one of the following outbreak types:
    • Occurrences on distinct computers
    • Occurrences on any computer
    • Occurrences on single computer
  7. To specify the type of Network Threat Protection activity, check one of the following check boxes:
    • For the attacks and events that the firewall detects or the Intrusion Prevention signatures detect, check Network Threat Protection events
    • For the firewall rules that are triggered and recorded in the Packet Log, check Packet events
    • For the firewall rules that are triggered and recorded in the Traffic Log, check Traffic events
  8. If desired, change the default notification conditions to set the number of occurrences within the number of minutes that you want to trigger this notification.
  9. Check Send email to, and then type in the email addresses of the people that you want to notify when these criteria are met.
  10. Click OK.

Reference

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/d28e5621b64d9ddb88257543007672ff?OpenDocument

Thanks In Advance

Ashish Sharma

 

 

zhitenev's picture

Hello. Thank you for promptly getting back to me.

Unfortunately this is not what I'm looking for: those methods will send me a notification each time there is an event logged but I'm looking for a way to get a daily report on all of the new entries in the traffic/packets log.

Chetan Savade's picture

Hi,

The Traffic, Packet, and Attacks logs are accessed from the SEPM's Monitors tab, Logs, Network Threat Protection.

The other reports can be accessed through the SEPM's Reports tab, Quick Reports, Network Threat Protection.

http://www.symantec.com/business/support/index?pag...

http://www.symantec.com/business/support/index?pag...

1) About log types

http://www.symantec.com/docs/HOWTO27271

2) About Computer Status reports and logs

http://www.symantec.com/docs/TECH95541

3) About the different types of Symantec Endpoint Protection Manager Reports

http://www.symantec.com/docs/TECH95538

4) Saving and deleting filters

http://www.symantec.com/docs/HOWTO27267

5) Customize the Logs / Reports

https://www-secure.symantec.com/connect/articles/how-export-virus-definition-and-client-information-excel-format

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

.Brian's picture

To get exactly what you're looking for, I don't believe you can do that. You can set up various alerts or reports but to email exactly what you're seeing, there is no way from that page.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.