Symantec Endpoint Protection - client logs?
We're planning to add our Symantec Endpoint Protection management server to enVision. The Device Configuration indicates we can select from a variety of SEPM logs:
Management Server Logs
- System Administrative Log
- System Client-Server Activity Log
- Audit Log
- System Server Activity Log
Client Logs
- Client Activity Log
- Security Log
- Traffic Log
- Packet Log
- Control Log
- Scan Log
- Risk Log
- Proactive Threat Protection Log
Two questions:
1) Do we need the client logs to see virus/malware activity, or is that information encapsulated in the Management Server logs?
2) If we do grab client logs, does SEPM still count as one device in enVision, or do we have to account for each SEPM client individually in enVision?
If you are collecting logs via Syslog or ODBC from SEPM, the following is true.
1) The client logs are required to see the virus/malware activity detected by the clients.
2) The SEPM will count as 1 device in enVision. The clients will not be counted individually.
