Symantec Protection Engine logs events to the local logs by default. The default location for the local logs on Solaris and Linux is /opt/SYMCScan/log. The default location on Windows is C:\Program Files\Symantec\Scan Engine\log\ on 32-bit platforms and C:\Program Files (x86)\Symantec\Scan Engine on 64-bit platforms. You can change the location of the logs. You can use the reporting functions to view the local logs.
Statistics logs are used to report the following cumulative scan data:
Total number of files that are scanned, repaired, and quarantined
Total megabytes scanned
Types of violations that are found by violation type
You must enable logging to the statistics logs so that you can view statistics reports. Scan data is logged daily to the statistics log files. You can use the reporting functions to view the statistics data.
You can log events to the Symantec Security Information Manager (SSIM) for event management and correlation. Symantec Security Information Manager integrates multiple Symantec Enterprise Security products and third-party products to provide a central point of control for security within an organization. For more information about how to integrate Symantec Protection Engine with Symantec Security Information Manager, on the Internet, go to the following URL:
If your client uses RPC, Symantec Protection Engine logs certain events to the RPC client logging subsystem. Logging to the RPC client is in addition to the other logging destinations that are available.
Information is logged to the abort log only when Symantec Protection Engine fails to start before the standard protection engine logging is initiated. This failure can occur, for example, if the XML does not validate. If this failure occurs, information about the failure is written to the abort log file, SymantecProtectionEngineAbortLog.txt. This file is located in the installation directory.
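Because a start failure of this kind never reaches the local logs, a monitoring job has to look at the abort log file itself. The following is an added example, not Symantec code: it classifies the abort log by comparing its modification time with the newest file in the local log directory. The timestamp heuristic, the function names, and the sample file contents are assumptions constructed for illustration; only the abort log file name comes from the text above.

```python
import os
import tempfile
from pathlib import Path

ABORT_LOG = "SymantecProtectionEngineAbortLog.txt"  # file name given in the documentation

def newest_mtime(log_dir):
    """Newest modification time among files in the local log directory, or None."""
    d = Path(log_dir)
    if not d.is_dir():
        return None
    return max((p.stat().st_mtime for p in d.iterdir() if p.is_file()), default=None)

def check_abort_log(install_dir, log_dir):
    """Return (state, last_line) for the abort log in install_dir.

    absent: no abort log exists.
    active: the abort log is newer than every local log file (or there are
            none), so the most recent start attempt probably failed before
            standard logging began (assumed heuristic).
    stale:  local logs were written after the abort log, so the engine has
            started successfully since the recorded failure.
    """
    abort = Path(install_dir) / ABORT_LOG
    if not abort.is_file():
        return "absent", ""
    lines = abort.read_text(errors="replace").strip().splitlines()
    last_line = lines[-1] if lines else ""
    last_log = newest_mtime(log_dir)
    if last_log is None or abort.stat().st_mtime > last_log:
        return "active", last_line
    return "stale", last_line

def demo():
    """Exercise the three states on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        install, logs = Path(root), Path(root) / "log"
        logs.mkdir()
        results = [check_abort_log(install, logs)]
        local = logs / "constructed_local.log"           # constructed sample
        local.write_text("constructed local log entry\n")
        os.utime(local, (1000, 1000))
        abort = install / ABORT_LOG
        abort.write_text("constructed: configuration XML did not validate\n")
        os.utime(abort, (2000, 2000))                    # failure after last local log
        results.append(check_abort_log(install, logs))
        os.utime(local, (3000, 3000))                    # engine logged again afterwards
        results.append(check_abort_log(install, logs))
        return results

if __name__ == "__main__":
    for state, line in demo():
        print(state, line)
```

An "active" result is the case worth alerting on, since no other logging destination described here will carry the failure.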
System Center Operations Manager 2007 (SCOM) Pack
You can integrate Symantec Protection Engine events with System Center Operations Manager (SCOM). System Center Operations Manager is a central repository that can receive critical events, errors, warnings, and other information from your Symantec Protection Engine servers.
Preconfigured rules are automatically created when you import the management pack. These rules monitor specific Symantec Protection Engine events in the Windows Event Log. When a rule is triggered, the Operations Manager 2007 Agent collects data about the event and forwards it to the System Center Operations Manager.
For more information, see the Symantec™ Protection Engine Management Pack Integration Guide on the Symantec Protection Engine product CD in the following location: