The default firewall log parameters in Symantec Endpoint Protection Manager (SEPM) either do not log events for the rules the customer would like to monitor, or log events that the customer does not need to keep track of. The customer would therefore like to customize the firewall log according to their needs.
A possible cause is that the default parameters set when Symantec Endpoint Protection Manager (SEPM) was installed do not meet that specific customer's needs.
To perform the modifications from within a specific Clients Group:
To perform the modifications from within the Policies Tab:
In the SEPM, go to Policies. In the list of policies, click Firewall and then select the Firewall Policy you want to modify. Click "Edit the policy" in the Tasks list below and follow the instructions in point 3) above. The new settings will take effect for all the groups to which that policy is applied.
To configure this setting upon creation of a new Firewall rule:
When you add a new firewall rule to an existing Firewall Policy, the last settings that you will be prompted to configure pertain to the logging of events related to the triggering of that rule. At that stage you will be asked only to confirm whether you want to log these events, by answering "yes" or "no", and by default the events are logged to the "Traffic log". However, once the new rule is created, you can change these settings by using the same procedures described above for editing existing firewall rules.
Note: Remember that all modifications performed in the SEPM will only be taken into account by the Symantec Endpoint Protection (SEP) clients either on the next heartbeat (automatic contact with the server) or when you manually force the content update. To manually force the content update, right-click either a group of SEP clients or one specific SEP client, choose "run command on group/client" and then "update content".
Applies To
Any supported environment.