Symantec Endpoint Protection - client logs?
We're planning to add our Symantec Endpoint Protection management server to enVision. The Device Configuration indicates we can select from a variety of SEPM logs:
Management Server Logs
- System Administrative Log
- System Client-Server Activity Log
- System Server Activity Log
- Client Activity Log
- Security Log
- Traffic Log
- Packet Log
- Control Log
- Scan Log
- Risk Log
- Proactive Threat Protection Log
1) Do we need the client logs to see virus/malware activity, or is that information encapsulated in the Management Server logs?
2) If we do grab client logs, does SEPM still count as one device in enVision, or do we have to account for each SEPM client individually in enVision?
If you are collecting logs via Syslog or ODBC from SEPM, the following is true:
1) The client logs are required to see the virus/malware activity detected by the clients.
2) The SEPM will count as 1 device in enVision. The clients will not be counted individually.