How to enable Symantec Endpoint Protection Manager (SEPM) 12.1.x to receive logs from legacy clients

Article:TECH157463  |  Created: 2011-04-05  |  Updated: 2013-12-03  |  Article URL
Article Type
Technical Solution


You have legacy clients in your environment and want to view the logs in the Symantec Endpoint Protection Manager (SEPM) 12.1.x. Specifically, you have computers protected by Symantec AntiVirus for Linux (SAVFL) and wish to have their logs available to the SEPM for viewing and use in reports. SAVFL Reporter is already installed and configured on the Linux endpoints.


Legacy reporting can be enabled for Symantec Endpoint Protection 12.1.x by following these steps:

  1. On the SEPM home page, under Security Status, click Preferences.
  2. Click the Logs and Reports tab, then check the box next to Upload Symantec AntiVirus version 10.x log files.
  3. Click OK, then click Log Off to close the SEPM.
  4. In Notepad or another plain text editor, open the following file:
    \Symantec\Symantec Endpoint Protection Manager\apache\conf\httpd.conf 
    By default, program_directory is C:\Program Files, or C:\Program Files (x86) on 64-bit operating systems.
  5. Search for the following text:
    <Directory "../InetPub/reporting">
  6. Under this text, remove the hash symbol (#) from in front of the following items, and then save and close the file:
    • Options all ExecCGI
    • Allow from all
  7. Open Services (Start > Run > services.msc) and restart the Symantec Endpoint Protection Manager Webserver service.

For SAVFL Reporter logs:

  1. On the Linux endpoint, open SAVFL Reporter's configuration file with a text editor. The configuration file is located at the following path:
  2. Verify that it contains valid details for the SEPM.

For Symantec AntiVirus 10.1 client logs:

Note: Symantec AntiVirus 10.1 is no longer a supported product. These instructions are provided for your convenience.

In the Symantec AntiVirus (SAV) Symantec System Center (SSC), perform the following tasks:

  1. Open the Symantec System Center (SSC).
  2. Right-click on the server or server group and click All Tasks > Reporting Configuration > Configure Reporting Server.
    A Reporting Server Options window will open.
  3. Change the address to the address of the SEPM server:
    where servername is the SEPM server's name or IP address, and port is the reporting port (by default, this port is 8014).


Article URL

Terms of use for this information are found in Legal Notices