Where can I find Endpoint Protection client log files?
Article ID: 152795
Updated On:
Products
Endpoint Protection
Issue/Introduction
Where can I find the log files for Symantec Endpoint Protection (SEP) client?
What are the functions of each of the log files?
This information can be used for parsing or other data gathering methods.
Note : For some of the logs like, syslog.log, tralog.log, etc, few of the details are in encrypted form as those logic and fields cannot be shared publicly. For those scenarios, it is suggested to use the SEPM logs and the SEPM's External Logging features for gathering the Client logs.
Resolution
C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs contain the following log files:
- AVMan.log - Antivirus Management plug-in log (contains copies of all antivirus events)
- CVE.log- Client communication logs (14.2 and up)
- CVE-actions.log- Client communications actions (14.2 and up)
- GUProxy.log - GUP plug-in log (if you have a GUP enabled)
- LUMan.log - LiveUpdate plug-in log
- processlog.log - Application and Device Control log
- rawlog.log - Firewall Packet log
- seclog.log - Security log (IPS events mainly)
- syslog.log - System log
- tralog.log - Firewall Traffic log
Scan logs can be found under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs\AV
%ProgramData%\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Cached Installs or in %Temp% contains the following log files:
- SIS_INST.log
- SMCinst.log - AutoUpgrade log
- ROLLBACK.log - logs for rollbacks during failed installation
- SEP_INST.log - MSI log
- SYMEVENT.log - System Event Driver install log
- teeferinstall.log - Teefer / Firewall Driver install log
- vpremote.log - Remote push client log
Feedback
Yes
No
Powered by
