Symantec Endpoint Encryption Management Server (SEE Management Server) can log administrative events, such as when an administrator assigns a particular policy.
It also has the ability to capture Client Events that are sent to the SEE Management Server. This article will show you how to access these logs for additional viewing and analysis.
The SEE Management Server has a useful new Web Console. In this version of the software, the Admin Log and Client Events are still available only via the SEE Manager on the server itself.
In a future version of the software, these will be available in the new web console, but for now, to access them, log in to the SEE Management Server.
Step 1: Open the Symantec Endpoint Encryption Manager.
Step 2: Click on Symantec Endpoint Encryption Reports, then expand the "Management Server Reports".
Step 3: Click on the "Admin Log" in order to view the logging events for this category.
As you can see to the right of the window, you will have the dates, the Administrator, the "Management Computer" from where the action took place, as well as the Description.
Step 4: You will also have the capability to see the "Client Events" in this area of the SEE Management Server by clicking on this category:
You can also select a date range to zero in on specific activities within a specific timeframe.
In the report above, there are no entries. This means the computer has not sent anything to the SEE Management Server.
Important Note:
In SEE Management Server 11.4 MP1 and older, the Admin Log entries were removed after 180 Days. This means that activities that happened over 180 Days ago will be purged.
The Client Events were stored for only 30 days.
Starting with SEE 11.4 MP2, these logs are now retained on the SEE Management Server for three years (1095 Days).
In addition to viewing the logs above in the SEE Management Server Manager, you can export the log files by clicking on "Export":
You will then have some .CSV files saved to the location you selected:
You can open these files with your favorite spreadsheet application:
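The following is an added example, not taken from Symantec's documentation, for planning exports around the retention limits in the Important Note above. It reads an exported Admin Log .CSV and sorts entries by whether the server would already have purged them, will purge them soon, or will keep them. The `Date-Time` header, the timestamp format, the assumption that purging happens exactly at the retention age, and the sample rows are all assumptions or constructed data; adjust them to match your actual export.

```python
import csv
import io
from datetime import datetime, timedelta

# Retention periods stated in this article, in days.
ADMIN_LOG_RETENTION_OLD = 180   # SEE Management Server 11.4 MP1 and older
CLIENT_EVENTS_RETENTION_OLD = 30
RETENTION_NEW = 1095            # SEE 11.4 MP2 and later (both logs)

# Assumed export layout (not confirmed by the article).
DATE_COLUMN = "Date-Time"
DATE_FORMAT = "%m/%d/%Y %H:%M:%S"

# Constructed sample export, for illustration only.
SAMPLE_EXPORT = """Date-Time,User,Management Computer,Activity Description
01/05/2024 09:12:00,admin-a,MGMT-01,Constructed sample entry 1
06/20/2024 14:30:00,admin-b,MGMT-01,Constructed sample entry 2
12/01/2024 08:00:00,admin-a,MGMT-02,Constructed sample entry 3
"""

def load_events(csv_text):
    """Parse exported CSV text; each row gains a parsed 'when' timestamp."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get(DATE_COLUMN) or "").strip()
        if not raw:
            continue  # skip rows without a timestamp
        row["when"] = datetime.strptime(raw, DATE_FORMAT)
        events.append(row)
    return events

def purge_schedule(events, now, retention_days, warn_days=14):
    """Return (expired, expiring, safe) lists relative to the retention limit."""
    expired, expiring, safe = [], [], []
    for ev in events:
        purge_at = ev["when"] + timedelta(days=retention_days)
        if purge_at <= now:
            expired.append(ev)      # older than the server keeps
        elif purge_at <= now + timedelta(days=warn_days):
            expiring.append(ev)     # export before it ages out
        else:
            safe.append(ev)
    return expired, expiring, safe

if __name__ == "__main__":
    rows = load_events(SAMPLE_EXPORT)
    now = datetime(2024, 12, 10)
    for days in (ADMIN_LOG_RETENTION_OLD, RETENTION_NEW):
        gone, soon, kept = purge_schedule(rows, now, days)
        print(days, "days:", len(gone), "expired,", len(soon), "expiring,", len(kept), "safe")
```

Entries reported as expiring are the ones to make sure an archived export already covers.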
If you move a machine from one Group to another, the new group may have a different Policy.
Keep this in mind, especially when dealing with the Autologon policy, because different groups can have different Policies.
If you would like to see what happens in the logs, check on the SEE Management Server:
Under the Admin Log section, you can specify the date range and then run the report, which will show you the Date-Time, User, and Management Computer:
You can also see in the "Activity Description":
If you are not seeing the reporting in the way that is expected, reach out to Symantec Encryption Support for further guidance.