Mumbai Security and Compliance User Group

  • 1.  Log Analyze

    Posted Sep 12, 2012 06:53 AM

    Hi All,

    I need to know how I can identify and analyze the Symantec logs for all activities done on SEPM, e.g. moving a client to a different group: at what time? By which user? Pwd reset logs, etc. How can all types of activity be identified through the logs? Please submit your inputs.
     



  • 2.  RE: Log Analyze
    Best Answer

    Broadcom Employee
    Posted Sep 12, 2012 07:10 AM

    Hi,

    Not all the activities are monitored; however, the event logs for administrator activities can be viewed in the SEPM console using the following steps:

    • Select the Monitors section to the left.
    • Select the Logs tab.
    • Choose Log type: System and Log Content: Administrative.
    • Select a Time range and click View Log.

    Check the following article for more details:

    Which administrator activities are logged in the Symantec Endpoint Protection Manager console?

    http://www.symantec.com/docs/TECH141668

    Similar thread: https://www-secure.symantec.com/connect/forums/log-client-group-movement#comment-7673291

    Promote this idea as well: https://www-secure.symantec.com/connect/ideas/client-movement-logs-audit



  • 3.  RE: Log Analyze

    Posted Sep 12, 2012 07:46 AM


  • 4.  RE: Log Analyze

    Posted Sep 15, 2012 10:31 AM

    Hi Ajhay,

    You have configured Email Notification for SEP client movement

    Check robinsharma comments

    https://www-secure.symantec.com/connect/forums/log-client-group-movement

    robinsharma

     

    Have you created the notification for Change Client Information?

    If created, then please find the log of that system movement from the same email alerts, then do the steps below:

    Login Console

    Monitors > Logs > Log type: System, Log content: Administrative

    Set the time range with specified time.

    Then View Result

    There the log will display (computers moved, copied or deleted).

    Check and match with your Notification mails.

     



  • 5.  RE: Log Analyze

    Posted Sep 17, 2012 03:46 PM

    This is all done in the administrative log on the SEPM under Monitors.