Configuring SEP Client Logging and External Logging
The external logging feature in the Symantec Endpoint Protection Manager (SEPM) allows for saving log data outside of a SEPM server.
These two methods are:
- Exporting log data to a dump file
- Exporting log data to an external logging server.
Both methods are configured in the SEPM console. The following is a high-level overview of the related logging options.
The client-logging configuration can be done without setting up external logging.
Obtaining Log Files from Managed Clients
Generally, it is desirable to gather log data from managed SEP clients. There are two locations in the SEPM to configure logging options for clients and to instruct them to send log data to the SEPM.
Note: It is important to consider disk space requirements on the SEPM and on the clients when gathering log data from clients.
The first location is in the Clients, <Site/Group>, Client Log Settings screen, shown here:
The second location is in the Virus and Spy ware Protection policy applied to clients. Note that there could be multiple policies for managing a variety of clients and each policy assigned to clients will require logging configuration. (If groups inherit settings from the parent site, only the parent site will need to be modified.)
When editing a policy, a new screen will appear over the main SEPM screen that contains these logging options. That screen is shown here:
Configuring External Logging in the SEPM Console
Now that clients are sending log data to the SEPM, it may be desirable to save that log data externally, either to dump files or to an external logging server.
To configure external logging, browse to the following location in the SEPM console:
Admin, Servers, <Site>, Configure External Logging
References:
http://www.symantec.com/docs/HOWTO81168 - Exporting log data to a text file
http://www.symantec.com/docs/HOWTO81169 - Exporting Data to a Syslog Server