How to enable Symantec Endpoint Protection Manager (SEPM) 12.1.x to receive logs from legacy clients

Article:TECH157463  |  Created: 2011-04-05  |  Updated: 2014-09-19  |  Article URL
Article Type
Technical Solution



You have legacy clients in your environment and want to view the logs in the Symantec Endpoint Protection Manager (SEPM) 12.1.x. Specifically, you have computers protected by Symantec AntiVirus for Linux (SAVFL) and wish to have their logs available to the Symantec Endpoint Protection Manager for viewing and use in reports. SAVFL Reporter is already installed and configured on the Linux endpoints.



Legacy reporting can be enabled for Symantec Endpoint Protection 12.1.x by following these steps:

  1. On the Symantec Endpoint Protection Manager home page, under Security Status, click Preferences.
  2. Click the Logs and Reports tab, then check the box next to Upload Symantec AntiVirus version 10.x log files.
  3. Click OK, then click Log Off to close Symantec Endpoint Protection Manager.
  4. In Notepad or another plain text editor, open the following file:
    \Symantec\Symantec Endpoint Protection Manager\apache\conf\httpd.conf 
    By default, program_directory is C:\Program Files, or C:\Program Files (x86) on 64-bit operating systems.
  5. Search for the following text:
    <Directory "../InetPub/reporting">
  6. Under this text, remove the hash symbol (#) from in front of the following items, and then save and close the file:
    • Options all ExecCGI
    • Allow from all
  7. Open Services (Start > Run > services.msc) and restart the Symantec Endpoint Protection Manager Webserver service.

Note: As of Symantec Endpoint Protection 12.1.5, legacy SAV for Linux clients that no longer send reports are purged from the database after 30 days. To change this value, follow these steps:

  1. Open the file in Notepad. By default this file can be found in the Symantec Endpoint Protection Manager installation directory, under \tomcat\etc\.
  2. If the following value does not exist, add it, and adjust the number of days if needed.
  3. Save and close the file.
  4. Open Services (Start > Run > services.msc) and restart the Symantec Endpoint Protection Manager service.

For SAVFL Reporter logs:

  1. On the Linux endpoint, open SAVFL Reporter's configuration file with a text editor. The configuration file is located at the following path:
  2. Verify that it contains valid details for Symantec Endpoint Protection Manager.

For Symantec AntiVirus 10.1 client logs:

Note: Symantec AntiVirus 10.1 is no longer a supported product. These instructions are provided for your convenience.

In the Symantec AntiVirus (SAV) Symantec System Center (SSC), perform the following tasks:

  1. Open the Symantec System Center (SSC).
  2. Right-click on the server or server group and click All Tasks > Reporting Configuration > Configure Reporting Server.
    A Reporting Server Options window will open.
  3. Change the address to the address of the Symantec Endpoint Protection Manager server:
    where servername is the Symantec Endpoint Protection Manager server's name or IP address, and port is the reporting port (by default, this port is 8014).


Article URL

Terms of use for this information are found in Legal Notices