Symantec ESM lets you maintain and view audit logs of events. Security officers can use these logs to determine if users make unauthorized changes.
Symantec Intruder Alert users can monitor the audit log file using that application.
Audit logs record the following events:
Each manager that is connected to the ESM console can maintain an audit log. Before you can keep or view an audit log on a manager, you must enable it for that manager. The audit log is enabled by default at installation.
To enable audit and disable logging
On the enterprise tree, right-click a manager, and then click Properties.
Check Audit log enabled to enable audit logging, and uncheck it to disable audit logging.
If you enable audit logging, then in the Max. log size box, type the maximum file size.
Symantec ESM automatically starts a new log file when the current log file reaches the size that you designate.
On the enterprise tree, right-click the manager, and then click View audit log.
In the Account name box, select one of the following options:
In the Server box, select one of the following options:
Click All to view internal events for all connection identifiers.
Click a specific connection identifier to view internal events for the connection.
The unique connection identifier lets you follow a connection to the manager. The type of connection identifier depends on the manager computer's platform.
Select a time period to view in the After date/time and Before date/time boxes.