Running SEP 12.1
Is it possible to have the logs that are accessible under Monitor --> Logs be available as a scheduled report?
Specifically, I'd like the Monitors --> Logs --> Application and Device Control --> Application Control (and Device Control) logs to be available as a report to get sent weekly to an administrator account.
The canned reports for App/Dev control are horrible - there is no detail whatsoever.
Currently, a user must log in to the SEPM and manually run the Monitor --> Logs report(s). This is inconvenient at best, and often missed/overlooked/forgotten.
If you have blocked the USB using ADC policy, you should ENABLE the Logging in policy.
It should show up in the PTP system Log.
Check this article, this might help
The activity logged can be found in:
- SEP Client > View Logs > Client Management > View Log > Control Log
- The console of Symantec Endpoint Protection Manager (SEPM) > Monitors > Logs > Application and Device Control > Application Control
As my OP mentioned, I see the logs in the SEPM.
My question is how to get that same information as a scheduled report delivered to the SEPM administrator(s).
The Logs cannot be delivered on a schedule (that I've seen), and the Reports option does not have the same options under Application and Device Control.
About the types of reports
Running and customizing quick reports
Check this article for logging the USB activity:
I think this will help ...
Thanks for the links, but as I have stated twice now, I see the logs under the MONITOR --> LOGS option. I am getting logged info on USB activity.
How can I generate the same DATA which I am able to view in the log EMAILED as a REPORT on a SCHEDULE. None of the links specify how to accomplish this task.
Thanks for your help.
1. Connect to SEPM
2. Go to "Monitors"
3. Go to "Notifications" tab
4. Click on "Notification Conditions" button at the bottom of the console
5. Click on "Add..." and select "Client Security Alert"
6. At the top of the new window, specify condition name, filtering settings (optional) and outbreak type
7. Check "Application Control Events"
8. Specify condition and damper settings
9. Check "Send email to:" and type email address to use
NOTE: more details regarding each setting are available by clicking the "Help" button at the bottom of the window
That will work for our needs. A report would be ideal, but this will meet the requirements.