The System Activity log collects information about system-related activities that occur in your environment. It stores this information as events, each of which consists of fields that describe the event. In Symantec Advanced Threat Protection (ATP), you can search the System Activity log for events based on queries that you create, or by using predefined Quick Filters.
Searches can help you troubleshoot system health issues. They can also help you identify activities that were initiated by an ATP user or by ATP itself.
The types of System Activity events
The System Activity logs include two types of events:
These events pertain to the overall state of your ATP software, and the hardware that is in your network.
These events pertain to:
Actions that your users initiated in ATP Manager. These actions include generating reports, performing and canceling searches, issuing commands, and so on.
Actions that ATP initiated. These actions include backing up your data, upgrading your ATP software, updating your content (such as LiveUpdate virus definitions), and so on.
Working in the System Activity log
Any user can perform a search from the Logging > System Activity page.
On the System Activity page, you can:
Search for activity based on a query that you create
Search for activity using Quick Filters
Refine your search results based on a time filter
Export your search results to a .CSV text file
ATP Manager displays a maximum of 500 records in the Events Summary. However, ATP includes up to 10,000 records when you export them to a .CSV text file.