logman

Managing Logs

OfficeScan keeps comprehensive logs about security risk detections, events, and updates. Use these logs to assess your organization's protection policies and to identify clients at a higher risk of infection or attack. Also use these logs to check client-server connection and verify that component updates were successful.

OfficeScan also uses a central time verification mechanism to ensure time consistency between OfficeScan server and clients. This prevents log inconsistencies caused by time zones, Daylight Saving Time, and time differences, which can cause confusion during log analysis.

• OfficeScan performs time verification for all logs except for Server Update and System Event logs.

OfficeScan Logs

The OfficeScan server receives the following logs from clients:

• Virus/Malware Logs

• Spyware/Grayware Logs

• Spyware/Grayware Restore Logs

• Firewall Logs

• Web Reputation Logs

• Behavior Monitoring Logs

• Device Control Logs

• Digital Asset Control Logs

• OfficeScan Client Update Logs

• Connection Verification Logs

The OfficeScan server generates the following logs:

• OfficeScan Server Update Logs

• System Event Logs

The following logs are also available on the OfficeScan server and clients:

• Windows Event Logs

• OfficeScan Server Logs

• OfficeScan Client Logs

Log Maintenance

To keep the size of logs from occupying too much space on the hard disk, manually delete logs or configure a log deletion schedule from the web console.

To delete logs based on a schedule:

• Logs > Log Maintenance

1. Select Enable scheduled deletion of logs.

2. Select the log types to delete. All OfficeScan-generated logs, except debug logs, can be deleted based on a schedule. For debug logs, disable debug logging to stop collecting logs.

• For virus/malware logs, you can delete logs generated from certain scan types and Damage Cleanup Services. For spyware/grayware logs, you can delete logs from certain scan types. For details about scan types, see Scan Types.

3. Select whether to delete logs for all the selected log types or only logs older than a certain number of days.

4. Specify the log deletion frequency and time.

5. Click Save.

To manually delete logs:

• Logs > Networked Computer Logs > Security Risks
  
  Networked Computers > Client Management

1. In the client tree, click the root domain icon to include all clients or select specific domains or clients.

2. Perform one of the following steps:

• If you are accessing the Security Risk Logs for Networked Computers screen, click Delete Logs or View Logs > Delete Logs.

• If you are accessing the Client Management screen, click Logs > Delete Logs.

3. Select the log types to delete. Only the following logs can be deleted manually:

• Virus/Malware logs

• Spyware/Grayware logs

• Firewall logs

• Web reputation logs

• Device Control logs

• Behavior Monitoring logs

• Digital Asset Control logs

• For virus/malware logs, you can delete logs generated from certain scan types and Damage Cleanup Services. For spyware/grayware logs, you can delete logs from certain scan types. For details about scan types, see Scan Types.

4. Select whether to delete logs for all the selected log types or only logs older than a certain number of days.

5. Click Delete.