Troubleshooting reporting issues
|Article:HOWTO81125|||||Created: 2012-10-24|||||Updated: 2014-09-21|||||Article URL http://www.symantec.com/docs/HOWTO81125|
Timestamps, including client scan times, in reports and logs are given in the user's local time. The reporting database contains events in Greenwich Mean Time (GMT). When you create a report, the GMT values are converted to the local time of the computer on which you view the reports.
If managed clients are in a different time zone from the management server, and you use thefilter option, you may see unexpected results The accuracy of the data and the time on both the client and the management server may be affected.
If you change the time zone on the server, log off of the console and log on again to see accurate times in logs and reports.
In some cases, the report data does not have a one-to-one correspondence with what appears in your security products. This lack of correspondence occurs because the reporting software aggregates security events.
You can use SSL with the reporting functions for increased security. SSL provides confidentiality, the integrity of your data, and authentication between the client and the server.
See the knowledge base article: Enabling SSL communications between a Symantec Endpoint Protection Manager and its clients
Risk category information in the reports is obtained from the Symantec Security Response Web site. Until the Symantec Endpoint Protection Manager console is able to retrieve this information, any reports that you generate show Unknown in the risk category fields.
The reports that you generate give an accurate picture of compromised computers in your network. Reports are based on log data, not the Windows registry data.
If you get database errors when you run a report that includes a large amount of data, you might want to change database timeout parameters.
If you get CGI or terminated process errors, you might want to change other timeout parameters.
For more information, see the following document in the knowledge base article: SAV Reporting Server or SEPM Reporting does not respond or shows a timeout error message when querying large amounts of data.
If you have disabled the use of loopback addresses on the computer, the reporting pages do not display.
The following information is important to note if you have computers in your network that are running legacy versions of Symantec AntiVirus:
If the System log becomes corrupted on a 64-bit client, you may see an unspecified error message in the System logs on the Symantec Endpoint Protection Manager console.
When you use report and log filters, server groups are categorized as domains. Client groups are categorized as groups, and parent servers are categorized as servers.
If you generate a report that includes legacy computers, the IP address and MAC address fields display None.
The reporting functions use a temporary folder, drive:\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Temp. You might want to schedule your own automated tasks to periodically clean this temporary folder. If you do so, be sure that you do not delete the LegacyOptions.inc file, if it exists. If you delete this file, you lose the incoming data from legacy Symantec AntiVirus client logs.
Article URL http://www.symantec.com/docs/HOWTO81125