This article provides details about the various Windows Event Log IDs that are generated for Drive Encryption.
Windows Event Logs for Drive Encryption are enabled by default. You do not need to create a registry key to enable event logs. Event logs are always logged with an appropriate severity. Event logs reside on the local client computer. You can view these event logs through the Windows Event Viewer.
For more information on enabling the Symantec Endpoint Encryption Management Server, Drive Encryption, and Removable Media Encryption logs, including information on the registry keys and logging levels, see the knowledge base article: Enabling Logging and Debug Logging in Symantec Endpoint Encryption v11.
This section lists the various Drive Encryption client event log IDs with their severity and message