RSA Admin

Symantec Endpoint Protection - client logs?

Discussion created by RSA Admin Employee on May 23, 2011
Latest reply on May 31, 2011 by RSA Admin

We're planning to add our Symantec Endpoint Protection management server to enVision. The Device Configuration indicates we can select from a variety of SEPM logs:

 

Management Server Logs
- System Administrative Log
-System Client-Server Activity Log
-Audit Log
-System Server Activity Log

Client Logs
- Client Activity Log
- Security Log
- Traffic Log
- Packet Log
- Control Log
- Scan Log
- Risk Log
- Proactive Threat Protection Log

 

Two questions:

1) Do we need the client logs to see virus/malware activity, or is that information encapsulated in the Management Server logs?

2) If we do grab client logs, does SEPM still count as one device in enVision, or do we have to account for each SEPM clients individually in enVision?

Outcomes