Endpoint Protection

  • 1.  Retention Period for 1 year

    Posted Feb 05, 2018 05:38 AM

    Hello everyone,

    We have SEPM 14.0 deployed with a SQL database. We have a specific group of computers (including desktops and servers) running 12.1.x version which are in PCI scope. 

    We have a compliance requirement for this specific group of computers to have logs retained for 1 year. We have created a specific group for these PCI computers. Can we increase the log retention period to be 1 year for this specific PCI group and not the other groups in SEPM?

    Can we have log retention period to be 1 year for only this specific group and no other groups?

     

    Thanks



  • 2.  RE: Retention Period for 1 year
    Best Answer

    Posted Feb 05, 2018 05:50 AM

    That is a Site setting. It would be applicable to all Groups.



  • 3.  RE: Retention Period for 1 year

    Posted Feb 05, 2018 06:32 AM

    So we cannot have only 1 group to have retention period for 1 year and have other groups a retention period of 1 or 2 months? Thanks



  • 4.  RE: Retention Period for 1 year
    Best Answer

    Posted Feb 05, 2018 07:08 AM

    You can adjust a setting to store logs on the client for a specific time period under Clients page >> Policies tab >> Client Log. This does nothing for compliance though.

    For SEPM, the setting is under the Admin page >> Database >>  Log Settings tab. It applies to all groups so it's not possible to break it up by group.



  • 5.  RE: Retention Period for 1 year
    Best Answer

    Trusted Advisor
    Posted Feb 05, 2018 07:19 AM

    Hello,

    Yes, you can manage client log retention for a specific group.

    Below are the steps:

    1.) Login to the SEPM console.

    2.) Click on the "Clients" page of the console, and then select the client group where the log retention settings are to be changed.

    3.) With the client group selected, click on the Policies tab for this group, then access the Client Log Settings.

    4.) Configure client log retention settings as needed, clicking OK to commit changes when finished. 

    These changes will apply to the client group selected, as well as any sub-groups which are inheriting from this group.  

    Refer:  https://support.symantec.com/en_US/article.TECH188992.html

     

    Secondly, you could increase the log size that is maintained in the database by:

    SEPM console >> Admin >> Servers >> Local Server and Click on Edit Site Properties >> Log settings

    Also, check this article on how to manage SEP client log retention settings in SEP 12.1:

    http://www.symantec.com/docs/TECH188992

    You could also create External Logging and export log data to a Syslog server:

    Admin -> Servers -> Local Site -> Configure External Logging

    Check these threads:

    https://www-secure.symantec.com/connect/forums/how-configure-external-logging-ssim-symantec-endpoint-protection

    https://www-secure.symantec.com/connect/forums/external-logging-syslog-server

    Hope that helps!!