README.TXT file for Symantec Event Manager for Symantec Client Security

Article:TECH140110  |  Created: 2010-09-16  |  Updated: 2010-09-24  |  Article URL http://www.symantec.com/docs/TECH140110
Article Type
Technical Solution

Issue



README.TXT file for Symantec Event Manager for Symantec Client Security 


Solution



*********************************************************
Symantec Event Manager for Symantec Client Security
README.TXT
Copyright (c) 2002 Symantec Corporation    November, 2002
*********************************************************
 
Please review this document in its entirety before you install Symantec Event Manager for Symantec Client Security, or call for technical support. It contains information that is not included in the documentation or online Help.
 
--------------------------------------
Installation Issues
--------------------------------------
The following are known issues regarding the installation:
 
- Installation of the SESA integration components (using the SESA Integration Wizards) requires Symantec Enterprise Security Architecture (SESA) with HotFix 1 or higher. You can determine the SESA version in the SESA Console by clicking Help > About.
 
- When installing Symantec Event Manager for Symantec Client Security on a computer that has Symantec Event Manager for Antivirus, be aware that existing configurations will be maintained for the SESA Agent and the SAV Plug-in because these components are already installed. 
 
  Specifically, the following configurations are not configurable: 
 
  * The SESA Agent Configuration Panel will be disabled;
 
  * The custom installation path for the Collector Framework Service cannot be changed;
 
  * The SAV Plug-in Configuration Panel will be displayed with the existing configuration. (This can be modified, but it is not recommended.)
 
- The Symantec Event Manager for Antivirus Integration Guide lists Java Runtime Environment (JRE) versions 1.2.2_008 through 1.3.1_02 as minimum system requirements for the Symantec AntiVirus Corporate Edition. The install requires that version 1.3.1_02 is the minimum version installed and is the only version supported at this time.
 
 
--------------------------------------
Additional Plugin Log Paths
--------------------------------------
To add log paths, you include them in the Plug-in configuration file (for example, SAVSesa.cfg) after installation:
 
1. Unload the Plug-in using the command: 
 
   Collector -pu:SAVSesa (for the SCF Plug-in, use SCFSesa)
 
2. Open the SAVSesa.cfg configuration file.
 
3. Increase the value in PluginLogPathCount field to reflect the number of total paths (new plus old). 
 
4. Add a new Plug-in log path record, PluginLogPath<x> under an existing one. <x> represents the ordinal of the log path.
 
5. To forward existing logs in the new path, change the value in the PluginForwardAllLogs to 1.
 
   Important: Because status information is maintained for all log paths, records and files in the current log paths will not be processed again.
 
6: Load the Plug-in using the command:
 
   Collector -pl:SAVSesa (for the SCF Plug-in, use SCFSesa) 
 
Refer to Appendix A in the Symantec Event Manager for Symantec Client Security Integration Guide for additional details on each of the values. See Appendix B for details on loading and unloading the Plug-in.
 
-------------------------------------------------------------------------------
Examining Application Data status file for SAV Plug-in and SCF Plug-in progress
-------------------------------------------------------------------------------
The Event Collector generates status (STS) files to the Windows Application Data folder, which you can examine to track the progress of SAV Plug-in and SCF Plug-in operation.
 
To Examine the STS log or logs for the SAV Plug-in and SCF Plug-in:
 
1. On the computer on which the Event Collector is installed, navigate to the SAVSesa folder or SCFSesa folder in the Application Data folder. 
 
   For the SAVSesa folder, the default location on Windows 2000 and Windows XP computers is:
   C:\Documents and Settings\All Users\Appliction Data\Symantec\Collector\Plugins\SAVSesa
 
   For the SCFSesa folder, the default location on Windows 2000 and Windows XP computers is:
   C:\Documents and Settings\All Users\Appliction Data\Symantec\Collector\Plugins\SCFSesa
 
2. In the SAVSesa folder, open and examine the SAVSesa<n>.sts file(s) or SCFSesa<n>.sts file(s).
   The <n> is the index of the SAV log path that is generating the .sts file.
   
   The Plug-in saves its progress in SAVSesa<n>.sts files. One *.sts file exists for each Plug-in/log path (data source) combination. When the Event Collector restarts, each Plug-in can start from where it left off the last time, which avoids unnecessary work.
 
   If no .sts files exist, then the Plug-in is unable to retrieve and process events. If one or more .sts files exist, then the Plug-in is successfully retrieving and processing events.
 
--------------------------------------------
SESA Console Reports
--------------------------------------------
The following are known issues regarding the Reports:
 
-Symantec AntiVirus Corporate Edition 8.0
 
  If you are using a SESA 1.0 without HotFix 1, on the Action Summary pie chart under the AntiVirus Event Family, some graphical reports (pie charts and line graphs) generate a null error. This is a known issue and is remedied in HotFix 1.
 
*****************************************************************
END OF FILE
***************************************************************** 



Legacy ID



2002121915521348


Article URL http://www.symantec.com/docs/TECH140110


Terms of use for this information are found in Legal Notices