SEP Content Distribution Monitor (for GUP health-checking)

Created: 14 Jun 2010 • Updated: 25 Jul 2011 | 328 comments
GrahamA's picture
+50 50 Votes

UPDATED: New version now available that is compatible with SEP 12.1

After hearing customers mention they could benefit from increased visibility over the Group Update Providers that are active in their environment, as they are a critical part of their content infrastructure, the Symantec SEP product team have created a small utility to help customers address this need.

It's a very lightweight utility that must be run directly on a SEPM machine and will provide customers with a quick glance dashboard.

Warning: This is not an officially supported tool, so use it at your own risk. That said, it is reading from the various data sources it accesses, not writing to them, so use of the tool is typically low risk, and customers that have used it so far have reported no negative side-effects.
Best Regards,
GrahamA.
 
Product Management
Symantec Corporation

328 Comments

Joe Mama's picture

For starters, make sure that the GUPS and SEPM manager are both on the same version.

0
ThaveshinP's picture

All GUPS and SEPM versions are the same.

0
Joe Mama's picture

One thing that I found is the GUP assigned to the subnet/group MUST be in the same physical/logical container in the SEPM.  Once I moved it to the same container as the computers it was GUPing, it showed in the Content Distro Monitor.

 

Hope this helps!
 

0
shango's picture

We pay good money to run these suites on our networks only to have Beta, unofficial, unsupported tools from enthusiastic employees.

This functionality, and more, should be native to the management console because quite frankly I find the console doesn't make it easy to manage even a mildly complex environment let alone the gups and their child clients. And it needs to be supported and out of beta....

Then there are the Console annoyances....

1. Filter settings are not persistent. I mean how hard is this? I have to reset the filters every time I restart the console.

2. Sort settings are not persistent. I select a machine from a client list and suddenly it disappears and I am looking at something totally unrelated. What is the default sort on the client lists? It appears random at most times, and occasionally it appears to be by the time they first contacted the management console.

3. In spite of the filter setting I continually find multiple instances of machines displayed. Worse still they appear as part of the statistics in reports that are run. Again this should not be that difficult to achieve.

4. What is it with the Policy window scroll bar??? I open a policy but when I close it to go back to where I was I lose my place usually to the opposite end of the list. Guys, come on this is not rocket science...

 

Sorry if this appears to be a hijack but I have been sitting on this for a while... =)

+4
GrahamA's picture

Thx for the honest feedback shango,

The reason we created this GUP monitor initially is to provide these capabilities to customers in the near term (getting them into the product as standard takes a little longer). The good news is that I've recently updated the download page for the GUP monitor here on Connect, it now includes a new version of the GUP monitor which is designed for usage with SEP 12.1. What is particularly good about this is that this new version was built from the ground up by the SEP engineering team so it is more robust and reliable, it will be an official tool (not beta) but it is very much 'integration ready' for merging into the official SEPM console in a future SEP release.

If you get a chance to try out the new version, we would really appreciate your feedback.

Re the items you highlighted as console annoyances:

1. With the SEP 12.1 console, filters you set for the Clients view are persistent through console relaunch. Filters you create via the Monitors view remain available for selection after console relaunch but the default filter reverts to 'default' (you can though change what 'default' actually filters, so can achieve persistence in that way).

2. With SEP 12.1, within the same console session, sorting of clients is persistent, and also now the sort works correctly across multiple pages of clients (if multiple pages worth are present).

3. Hmm. A bit of troubleshooting might be needed to get to the bottom of why this is occurring. Do you have a scenario in your environment whereby machines are refreshed / wiped and reimaged regularly? Could be physical machines or these days more commonly can be the case with virtual machines and VDI sessions. There are some tips re how best to configure SEP to work optimally in these situations.

4. I tested this with SEP 12.1 just now and can't reproduce the issue you describe so it appears this may have been resolved as part of the SEP 12.1 console update.

Thx again for your feedback, it is much appreciated.

We do genuinely listen and are building and evolving the product based on customer feedback so keep it coming. I do hope you'll see that we've already made some major strides forward with SEP 12.1 (from where we were at with SEP 11), and you can be sure we'll be continuing to rapidly evolve the product to ensure it can allow customers to not only protect their organisations, but also effectively manage and monitor in a painless and efficient way.

GrahamA Product Management, Symantec Security Solutions

0
ThaveshinP's picture

Would this new GUP tool work with SEP 11 or was it specially designed for 12.1?

0
GrahamA's picture

The new version is specifically designed for SEP 12.1

GrahamA Product Management, Symantec Security Solutions

0
thatdude's picture

Any reason why we can't get something similar for Live Update Administrator? I would prefer an integration into SPC 2.0 or SEPM but a stand-alone app works for me as well. We have many different Symantec products so we use LUA for distributed updates since GUP's are limited to just SEP. I have a few GUP's but I have over 50 distribution servers served by LUA which host SEP and SAV signatures.

0
GrahamA's picture

I'm actually the PM for Liveupdate Admin so have a vested interest in that technology too.

The goal is to integrate LUA into SPC for centralised reporting and mgmt but that won't happen for a while. Re short term, I actually created a very rough central monitoring tool for LUA before, but it never really left the proof of concept stage. If you ping me directly, we can discuss.

As a side note, we're planning to release LUA 2.3.1 toward the end of this year and are already through most of the development work. This new version will introduce some nice new features to LUA.

GrahamA Product Management, Symantec Security Solutions

+1
CJarvis's picture

Is anyone else seeing this?

gup_mon_online_ips_none.jpg
0
_Brian's picture

And you can confirm they are updated?

0
Stefan-DE's picture

I want to run the monitor as a web page. Is it possible?

Our teams should see the status of their local GUP.

I played around a little bit and always get the error message:

Verifying the config file is accessible ...

Cannot access the configuration file (config.ini).

.hta and .ini are in the same directory

0
_Brian's picture

Where should the bat file for 12.1 be run?

I keep getting "the system cannot find the path specified" when trying to run it...

0
SuryaG's picture

Brian, unzip the "SEPM Content Dist Monitor - BETA v1.3.zip" contents to "Symantec Endpoint Protection Manager\Tools" folder and run the SepmMonitorTool.bat file from the "Tools" folder.

+3
_Brian's picture

Thanks a lot. That did it.

0
CarlJ's picture

Forgive me but as someone fairly new to SEP 12.1, is there a guide available that details the configuration of this app on the SEP Manager Server? There are only three files in the 12.1 zip download and I have configured the settings in the httpd.conf file and restarted the services as per the text file but am not sure what to do next - the SepmMonitorTool.bat file tells me that 'The system cannot find the path specified'.

Do I need to follow the instructions for the configuration of the previous version, first?

Any and all help appreciated.

Thanks,

Carl

0
CarlJ's picture

Scrub the last message - I've worked it out...

0
Vikram Kumar-SAV to SEP's picture

Hi Graham,

I am using Content Monitor for 11.0 for one of my clients. When I run a query from SQL it shows around 2200 GUPs, however Content Monitor is showing only 2050 GUPs, at least 100-150 less than the SQL query.

Secondly: In the Content Monitor, Disk Space shows in MBs and GBs, however when I export the logs it shows it in Bytes. Well, it becomes manual work to convert them to MBs and GBs.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

0
GeoGeo's picture

When are we getting an official tool that we can use in support cases?

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

0
DaveG's picture

I installed the 12.1 beta tool yesterday and configured the apache logs, but it appears to have issues parsing the logs, limiting the quality of the data it displays.  Here is one example of the status messages I see (a few of these messages appear each time the application refreshes):

10/26/2011 16:44:15 There is an IO issue while reading line 4772 in file D:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs\access-2011-10-26.log, so restarting from 4772

This message typically appears at the end of every refresh:

10/26/2011 16:44:15
The process cannot access the file because another process has locked a portion of the file

After about 22 hours since the log was turned on, the size of the log file is almost 900 MB.  I am sure the file size isn't helping any.

Is there any guidance as to how to work around these problems?  What I'm itching to see is how many deltas vs. full defs downloads are taking place, but the numbers all display as zeros in the application.

Thank you!

David

0
jrudbecka's picture

Hi DaveG

 

Did you find a solution for this? I'm seeing the same, and also have both an error and an access log, which are almost 500mb every day.

Regards

0
IpadMule's picture

Been using this tool for quite some time.  Excellent tool!!  Thanks very much!!

We've recently upgraded to 12.1 and have started using the Content Distro Mgr v1.3.  Looks great so far.  

Question: is it possible to view the Manager remotely from my workstation like I could with the 11.0.x version rather than having to RDP to my SEPM where the tool runs?

0
Clement C's picture

Found out about this great tool and have got it up and running. Configuration seems to be up and running but I need help on the following.

I have configured GUPs on each of my remote sites (Single GUP checked and with default management server checked) but I am getting the following error at the bottom of the screen..

 

[ There are currently no GUPs registered in the SEPM database. Login to the SEPM console and verify the GUP configuration in the active Liveupdate policy. ]

 

Not sure if this is a problem with my GUP settings. What can I check or do?

 

Thank you.

0
Mark Maynard's picture

I am currently running a SEP 11 RU7MP1 environment with three SEPM sites and replication 1x per day.  I manage over 400 GUPs and between the three SEPM sites have about 75,000 clients.  I have multiple windows domains in use between the clients and GUPs.  Within the config.ini file there is a filter list for GUPs by domain.  If I select the ALL option, I get out of date GUPS in the monitor tool due to my sites only replicating 1x per day.  So the only option for current and accurate information is to run multiple monitors, one for each of the windows domains that I have to monitor.

So, I have a question: is there a way to select multiple windows domains in the windows_domain_filter within the config file?  As far as I can tell, it is ALL or one.  This would help me to eliminate running multiple monitoring tools and bring it down to one per SEPM site.

I have attached the portion of the config.ini file where I am looking for reference.

config.JPG
0
MaRRuT@CC's picture

Is v1.3 compatible with 12.1 RU1? No time for testing atm :|

0
_Brian's picture

Works fine for me on 12.1 RU1

+1
lobuer's picture

yep, should work fine with RU1 also

0
MaRRuT@CC's picture

great! Thx guys!

0
TerryK's picture

Will the SEP Content Dist Monitor work with a read only password? My one misgiving of using this product is the fact that the db password is stored in cleartext on the SEPM.

0
TerryK's picture

I created a Read Only username/password and entered it into the config.ini file. An error appears when launching the SEP Content Distribution monitor. The popup is titled "Testing SEPM Database Connection" and contains an error msg "Data source name not found, verify the ODBC/OLEDB connection set within the config.ini file.  Error Code -2147467259. Any Ideas on how to implement a Read Only password to be used with the SEP Content Distribution monitor?

0
TomMLS's picture

I downloaded this to our SEPM server, made what I understand are the correct changes to httpd.conf, and double-clicked the *.bat file within the folder.

Nothing happens.

What am I doing wrong??

Thank you, Tom

0
_Brian's picture

unzip the "SEPM Content Dist Monitor - BETA v1.3.zip" contents to "Symantec Endpoint Protection Manager\Tools" folder and run the SepmMonitorTool.bat file from the "Tools" folder.

+1
Subhani's picture

Hi, I have started using the SEP Monitor for 12.1. It is very useful and I loved it, however I wasted the first hour as I did not find any Read me file on how to set it up. The file in the Package only mentioned changes to be done in Apache. After spending quite some time, I unzipped the SEP Monitor jar file, found the help and then used it.

Thanks a lot for this great tool. By the way, how can I get more details about the SEP Clients who are downloading Full Contents from SEP Manager?

0
Subhani's picture

Is there a way to get information about the clients downloading full.zip? (Using the tool; I know that by manually looking in the access log, I can find out.)

 

0
Charlosa's picture

To echo Subhani's question, it would be useful to know which individual clients are pulling down the Full "Virus/Spyware content downloads" as it would allow further possible troubleshooting. Maybe a button to export the list to .csv would be good.

While I appreciate that it may take some time to put in such a feature, I suspect that the information is available somewhere in the system. We're running 12.1 RU1 and if I look in the following SEPM folder:

\tomcat\logs

I see lots and lots of different log files, of which I believe that one of them contains the information of which client is pulling down the full content file, as opposed to the delta changes.

Therefore, until the feature is added to the Symantec Content Distribution Manager's GUI - can someone point us in the right direction as to which log file we need to look at?

Cheers

0
fede_stranger's picture

Excellent tool!!! However, it would be nice if there was an option in the "AV/AS downloads today from SEPM" section to know the user / computer name / IP address of the clients who downloaded content from SEPM.

I'm using version 4.8 (SEP 11).

0
bryand82487's picture

I'm running GUP's on 12.1 and my monitor shows all my GUPs under operational status of abnormal GUPs and operational status of all GUPS.  My GUPS seem to be working properly as far as I can tell.  What would be causing them to show up under the abnormal status?

0
leonhomar's picture

Hi folks,

 

I'm trying to run the BETA tool (1.3) for SEP 12.1 in my environment, but I got stuck on this error:

 

 

Do you have any idea about this error?

regards

 

Leon

Leon Homar

0
StiflingCobra's picture

leonhomar,

You need to "unzip the "SEPM Content Dist Monitor - BETA v1.3.zip" contents to "Symantec Endpoint Protection Manager\Tools" folder and run the SepmMonitorTool.bat file from the "Tools" folder" (stolen from SuryaG above..)...

Don't forget to make the changes to the Apache logs as well...

+2
Holly Reagon's picture

Version 11 - I've tried to get this working on the SEPM server, which is a Windows 2008 64 bit server connecting to a remote SQL DB. I've configured ODBC both ways, under 32 bit, and under syswow folder. SEPM console works fine on this management server, I can get the Tool to work on my workstation, which is Windows XP, but not on the server. I continue to get the unable to connect to DB error. I've tried configuring for SQL as well as OLEDB in the config file. Any ideas? I've checked the box for going across domains, as well as trusted sites. Appreciate any leads. Thanks.

 

Holly

0
Stefan-DE's picture

Hi Holly,

OK, I have Windows Server 2003 64bit, but it is working fine with a remote SQL DB.

If you use the computer name (instance name) to connect to SQL, did you configure a SQL alias on the SEPM server?

SQL Server Client Network Utility (cliconfg) - 32/64bit

I used OLEDB - my INI looks like this:

connection_type=OLEDB

OLEDB_string=Provider=SQLOLEDB;Data Source=<Server name\instance name>;Initial Catalog=<Name SEPM DB>

OLEDB_Username=<User to connect DB> (I created a SQL account with limited permissions)

OLEDB_Password=<Password>

Stefan

0
JwLanning's picture

Hey guys,

When I attempt to run this program (on Windows Server 2008 R2 with Java 6r30 installed) it tells me "Failed to load Main-Class manifest attribute from %FILEPATH%\sepm_monitor.jar".

I looked through the internet and got no SEPM-specific ideas.  Any hints? Thanks much.

James Lanning, STS/ASC

Sales Engineer,ITS Partners, LLC
e. jlanning@itsdelivers.com

0
GrahamA's picture

To run the tool, you need to copy the files into the following directory:

Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools

And then run the SepmMonitorTool.bat file.

Did you do this?

GrahamA Product Management, Symantec Security Solutions

+1
Pray4u's picture

Hi, I see that the general GUP sql question is a result of the virusdef. on the endpoint protection on the GUP itself.

But we want to see what is the latest virusdef. the GUP is providing to the clients, is that possible?

0
Appel's picture

Looks like there have been some great things going on here.  Beta, testing, issues, resolutions, more issues and resolutions and so on.  At this point is this tool now out of the beta and ready for prime time?  Our SEPMs are currently running 12.1 RU1 running a single SQL database on a separate server and the majority of the GUPs are at 11.x.

0
Jacobi's picture

I am using the Beta V1.3. It seems to be working great. This has been mentioned several times, but I still have not found an answer. What must be done to run this remotely? (i.e. on my workstation). Thank you for any response.

0
GeoGeo's picture

Am I missing something? Set up a few Distribution managers but this one is stumping me.

Path I have in my config.ini is SEPM1_IISlogPath=\\localhost\c$\inetpub\logs\LogFiles\W3SVC2\

This is on a windows server 2008 R2 64bit

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

0
Pooley's picture

Hi,

I am having the same problem as GeoGeo as well, with our SEP11 (Version 4.8) tool as well.

SEPM1_IISlogPath=\\localhost\c$\IIS Logs\W3SVC2

I specified the above custom path following the Readme.txt, Step 3:
3. Click Properties and change the log path to a more friendly one for your needs

I can confirm I can browse to the specified directory and see an automatically created: "W3SVC2" folder with a generated ex120411.log inside.

This is the only section of the Monitor I was interested in accessing, and it's the one part not working. Typical! :(

Windows Server 2003 R2, 32bit

0
MaRRuT@CC's picture

@Graham:

Any new info from Symantec to include this into a main release of SEP12?

0
SEPMADMIN's picture

Hi,

I am experiencing SQL timeout issues when I open content-distribution-monitor.

Attached screenshot.

 

Thank you,

 

Content Dist.png
0
megamanVI's picture

I keep getting "There is an IO issue while reading line ##### in file /path/to/apachelogs, so restarting from line #####".

 

I am using the latest beta version of this app and SEPM is on 12.1 RU1.  Does anyone know why this is happening?

0
ScottM 2's picture

I'm seeing that as well, followed by a 

The process cannot access the file because another process has locked a portion of the files

0
ScottM 2's picture

Well, I tried turning down the semsvr service and the semwebsvr services, the log files processed in full and I saw considerably more data. I'm guessing that Apache is locking its logs during some transactions. With the file lock conflicts, it explains some of the inconsistent data I have been seeing.

0
adutchman's picture

Sorry, I should have read through the posts better before making a new post for the same issue.

I'm getting the same messages when I open the GUP Monitor.

0
MaRRuT@CC's picture

@Graham: Any new plans to release a non-beta version for SEP12.1? or including this fully into the next SEPM releases!

0
alex.milford's picture

I am seeing the same issue as megamanVI and every time it refreshes the values in the virus/spyware content downloads today from SEPM section reset.

 

 

Capture.PNG
0
ScottM 2's picture

Graham, what is the format for the ApacheLogPaths line for multiple logs, I can't seem to get the syntax for a UNC location in there properly.

0
Infodon's picture

The dates show as 1970 in the CDM tool. Any ideas as to what would cause the inaccurate date?

Capture.PNG
0
adutchman's picture

I've been using the SEP Content Distribution Monitor - SEP 12.1 - BETA v1.3 for some time now.  Used SEP 11 version before that.  Wonderful job - great tool.

I recently noticed that there are many many of the following messages in the "command window" that appears behind the main Content Distribution Manager screen.

The messages are in the following format...

There is an IO issue while reading line xxxx in file D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\logs\access-2012-07-03.log, so restarting from xxxx.

Is this normal or is this skewing my content downloads today from SEPM(s) section of the monitor?

Thanks,

Erik

 

0
ScottM 2's picture

Looks like a file locking issue, these errors do not happen if the SEPM is inactive but then why would we want that?

0
SuryaG's picture

It is normal. Ignore the message. When the tool is parsing the file, Apache might lock it and write the latest log data. That's where the tool will seek to that line again and start parsing from there.

0
ScottM 2's picture

In my test I saw a different quantity of data when I compared running this with and without the SEPM running, I did not get the impression it came back to the file after encountering the lock.

0
alex.milford's picture

Surely this can't be normal? Every time it refreshes and encounters the file lock it results in the overall content downloads for the day resetting so you can never see the total download from the SEPM during the day

0
SuryaG's picture

Hi Alex,

It's not resetting. It's just a debug message. Basically, CDM keeps track of the line number to which it has already parsed and it caches the data. CDM will start parsing again from that line number once the SEPM unlocks the file. That way, CDM need not parse the file from the beginning. It's an optimization to speed up the parsing.

-1
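The resume-from-last-position behaviour discussed in the comments above, combined with the earlier question about which clients download full.zip, as an added example that is not the Content Distribution Monitor's own code or anything posted in this thread. It assumes Apache common log format and a hypothetical `/content/` URL prefix for definition downloads; the class name `ContentLogTally` and the sample lines are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumption: the access log uses Apache common/combined log format.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
CONTENT_PREFIX = "/content/"  # assumption: URL prefix of definition downloads
FULL_NAME = "full.zip"        # file name mentioned in the thread

# Constructed sample lines (not taken from a real SEPM access log).
SAMPLE = [
    '10.0.1.21 - - [03/Jul/2012:09:15:02 +0000] '
    '"GET /content/EXAMPLE-MONIKER/120703001/full.zip HTTP/1.1" 200 220000000',
    '10.0.1.22 - - [03/Jul/2012:09:15:04 +0000] '
    '"GET /content/EXAMPLE-MONIKER/120703001/delta-example.bin HTTP/1.1" 200 310000',
    '10.0.1.23 - - [03/Jul/2012:09:16:40 +0000] '
    '"GET /content/EXAMPLE-MONIKER/120703001/full.zip HTTP/1.1" 200 220000000',
    '10.0.1.21 - - [03/Jul/2012:09:16:41 +0000] '
    '"GET /secars/secars.dll?h=EXAMPLE HTTP/1.1" 200 512',
]


class ContentLogTally:
    """Tallies content downloads per client from a log that is still being written."""

    def __init__(self, path):
        self.path = path
        self.offset = 0  # byte offset of the first line not yet counted
        self.full = defaultdict(lambda: [0, 0])   # client -> [requests, bytes]
        self.delta = defaultdict(lambda: [0, 0])  # any other content file
        self.skipped = 0                          # heartbeats, errors, junk

    def refresh(self):
        """Count lines appended since the last call; return how many were consumed."""
        consumed = 0
        try:
            with open(self.path, "rb") as fh:
                fh.seek(self.offset)
                for raw in iter(fh.readline, b""):
                    if not raw.endswith(b"\n"):
                        break  # writer is mid-line; pick it up on the next refresh
                    self._count(raw.decode("utf-8", "replace"))
                    self.offset += len(raw)  # advance only after the line is counted
                    consumed += 1
        except OSError:
            # Locked or unreadable file: keep offset and totals, retry next refresh.
            pass
        return consumed

    def _count(self, line):
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            self.skipped += 1
            return
        path = m["path"].split("?", 1)[0].lower()
        if not path.startswith(CONTENT_PREFIX):
            self.skipped += 1
            return
        size = 0 if m["size"] == "-" else int(m["size"])
        bucket = self.full if path.endswith("/" + FULL_NAME) else self.delta
        bucket[m["client"]][0] += 1
        bucket[m["client"]][1] += size

    def full_downloaders(self):
        """Clients that fetched full content, largest total first."""
        rows = [(c, n, b) for c, (n, b) in self.full.items()]
        return sorted(rows, key=lambda r: (-r[2], r[0]))


def demo():
    """Feed the sample in two writes, the first ending in the middle of a line."""
    lines = [s.encode() + b"\n" for s in SAMPLE]
    fd, path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    consumed = []
    try:
        tally = ContentLogTally(path)
        with open(path, "ab") as fh:
            fh.write(lines[0] + lines[1] + lines[2][:40])
        consumed.append(tally.refresh())
        with open(path, "ab") as fh:
            fh.write(lines[2][40:] + lines[3])
        consumed.append(tally.refresh())
        consumed.append(tally.refresh())  # nothing new
    finally:
        os.remove(path)
    consumed.append(tally.refresh())      # file unreadable: totals must survive
    return {
        "consumed": consumed,
        "full": tally.full_downloaders(),
        "delta_bytes": sum(b for _, b in tally.delta.values()),
        "skipped": tally.skipped,
    }


if __name__ == "__main__":
    print(demo())
```

Because the offset only moves forward after a line has been counted, a failed or interrupted refresh neither loses nor double-counts requests, and the running totals are never cleared.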
adutchman's picture

Hi Alex,

With the amount of clients that I have running SEP 12 (34,000+), there is no way that these numbers are correct.  There is no way that content downloads from the SEPM(s) are only 528.91 KB which is what it shows for today.

I agree with the other poster's statement, "Every time it refreshes and encounters the file lock it results in the overall content downloads for the day resetting"

 

0
Filippo Morosini's picture

Thanks for developing this tool: it works great on our SEP 12.1 environment and finally gives us a feature that we were missing on SEPM since day 0.

We have a multinational SEP 12 deployment over 20 countries and we use a mixed GUP/LU configuration. Like the others in this post, we'd like to have the possibility to monitor LU distributions as well.

0
Adamster's picture

I needed to get this to work on SEPM 12 RU 2 on Windows Server 2012  I had to make the following changes to the SEPMMonitorTool.bat. Basically instead of using the %CD% variables, giving it the static path of the files worked.

This is probably not recommended for production but in test environment, I also copied the sepm_monitor.jar and any .ini and .bat file to C:\Program Files (x86)\Java\jre7\bin\sepm_monitor.jar

 

@echo off
setlocal

set CATALINA_HOME=C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat
set JAVA_HOME=c:\Program Files (x86)\Java\jre7
set ASA_HOME=C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\asa

if %ERRORLEVEL% == 2 goto end

 

:begin

"%JAVA_HOME%\bin\java.exe" -Xms256m -Xmx1024m -classpath "C:\Program Files (x86)\Java\jre7\bin\sepm_monitor.jar;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\inst.jar;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\inst-res.jar;%CD%\..\tomcat\lib\jconn3.jar;" -Dcatalina.home="%CATALINA_HOME%" -Djava.library.path="%CATALINA_HOME%\bin;%ASA_HOME%\win32" com.sygate.scm.tools.monitor.SepmMonitor "%CATALINA_HOME%"

set TEMP_ERROR_LEVEL=%ERRORLEVEL%

if %TEMP_ERROR_LEVEL% == 0 goto noerror
if %TEMP_ERROR_LEVEL% == 2 goto error2

goto end

:noerror
cls
@echo SepmMonitor is closed. Please check SepmMonitor.log under tomcat\logs\ folder.
goto end

:error2
cls
@echo SepmMonitor failed. Please check the tomcat\logs\SepmMonitor.log file for more details.
goto end

:end
endlocal

0
ScottM 2's picture

Is this project still being looked at?

I think we'd all like to see this sort of information displayed in the managers.

+3
ThaveshinP's picture

I agree..having almost 80 GUP's makes it very difficult to manage.

0
olivier_husson's picture

Hi all,

I have a question about this marvellous tool :)

When I check the number of GUPs in my SEPM ("search clients" Group Update Provider = True) I have 2142 GUPs

When I export the GUPs from CDM, I have 1816 GUPs

The GUPs which don't appear in CDM are up, they work fine, some clients get updates from these machines...

Why do I have this difference?

 

CDM v1.3 Beta

SEPM 12.1 RU2

Thank-you for your help

 

EDIT: Oops, I didn't check the filter, now it's OK. Oo

Olivier HUSSON

Security consultant

Saycurit

0
ThaveshinP's picture

If you have almost 2142 GUP's ..how many clients do you have?

0
EricT's picture

Suggestion to developer - I used the 11.x version for a LONG time with no problems at all. I actually like it better than the 12.x version.

I do have some issues with my SEPMs right now so I have opened cases with Symantec. So I will refrain from making comments on my current performance issues. My suggestion is put a readme into the zip file and put the tomcat settings in there and put a small 2 line blurb saying to extract the jar and bat file to the tools directory. I was running the 11.x client from a folder within tools and it ran just fine. This one didn't work until you had it in exactly the right place. So if a specific location is required for the bat it should be noted somewhere.

Thank you helpful posters, after I read through this thread and found others had the same issues I wasn't feeling quite as dumb as I was feeling wondering why it was not able to find a path I typed in.

I use about 28 gups total, I feel sorry for anyone who has 50 gups much less 2000+.

One thing I guessed at is I uncommented out the # on the line before the one it said and the line it said had to be modified for each part. Will that make a huge difference in how Apache is running? It just was the log location being unremmed out.

I also am getting some errors I need to know what this is about -

INFO: There is an IO issue while reading line 173820 in file D:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs\access-2013-03-07.log, so restarting from 173820
Mar 07, 2013 9:59:37 AM com.sygate.scm.tools.monitor.SepmMonitor logToFile
INFO: There is an IO issue while reading line 207751 in file D:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs\access-2013-03-07.log, so restarting from 207751

What can I do to avoid IO issues?

0
Gino I's picture

Remote - Connecting ?

@GrahamA / or anybody knowing how :)

I have seen the question before, but haven't seen an answer to this... Well firstly thanks for an excellent tool, got about 650 GUPs ~ 12000 clients, looking good and picking up as expected. Receive the lock file message now and then because of the log file in use, but that's not too bad... with this tool being available to remotely verify the GUP status a lot of signing in to the SEPM console doesn't need to be done, I would like to put this on a "HUGE" monitor in the IT department for everyone to view... without needing to logon to the SEPM console, any advice on how to run this remotely would be highly appreciated

Got 2 SEPMs (failover) with SQL DB on another server

Regards and Thanks in advance

Gino

 

 

+1
novice_sep's picture

Hello Everyone, 

 

I downloaded the beta version of this tool, but the problem is that when I double click on the jar executable file, nothing comes on screen. Maybe it runs in the background or what happens I don't know. I have done the change in the http.config file and also I have the latest Java runtime environment.

 

Do we need to manually configure something in different files, like GUP IPs, SEPM login details etc...? If yes, where??

 

Thanks a lot

0
novice_sep's picture

Thank you so much for developing the App. It works very nicely and aptly

0
Michael B.'s picture

Thanks for providing this tool.  I have some suggestions for improvements on how this tool installs and functions.

1) There is no help or readme file accessible in the zip package, just a very terse readme for apache logging.  If you don't wind your way through this thread of 250+ comments, to find the couple of comments about installing the 1.3 beta package, you won't know what to do with it unless you tear apart the package.  It would solve many questions if you put a copy of the help file sepm_monitor_help.html in the zip as a separate readme.html.  The Enable_Apache_Logs.txt file then becomes redundant, and should be removed.  It is missing the warnings about needing to manually purge log files anyway.

2) You have removed the feature of the previous 11.x tool, which allows you to open the log file to be able to browse the content to see which clients are downloading content.  Summary data is fine if all is working well, but when you see a significant change, you need to know which clients are pulling content and from which networks.  I don't know where you are caching the parsed data, to summarize the download, but perhaps you can save that cache file while the tool is running and provide a link from the GUI to open the file in an HTML table?

3) Still needed - a way to see which clients are pulling content from each GUP, and a way to verify that the GUP is in fact providing content to the expected clients.  Is this data logged anywhere on the GUP or can it be extracted from SEPM logs?

4) Is it possible to adjust the file rollover time in Apache so that it is sometime other than 0000 GMT?

Michael B.'s picture

Running the Beta 1.3 with SEPM 12.1, clients are mixed, mostly still on 11.0.6300.803

Is there any way to turn down the Apache logging to log only the data needed for this tool?

I had to shut down the Apache logging because of excessive log size.  One hour of off-peak testing generated over 23M of data in the access and error logs.  In browsing the log files, it seems that Apache is logging every heartbeat or check-in.  The error log is getting hit with around 10 entries per second.  The access log is 3x the size of the error log (17+M).  The tool really bogs down on refresh with those file sizes. I can't imagine how long it would take if I had 24 hours' worth of data, since this is off peak.

Important info is the GETS for deltas and full def files, and any errors that would help troubleshooting connection issues.  These gets look like maybe heartbeats or policy checks?  I have a mixed environment of 'push' and 'pull' clients.

Error log looks like (long key removed)

[Wed Apr 03 17:41:36 2013] [info] [client xxx.xxx.yy.111] Thread(4528) Connection(00320, sock: 02912) Async Initiated!URI: GET /secars/secars.dll?h=CF..B07AA HTTP/1.1
[Wed Apr 03 17:41:36 2013] [info] [client xxx.xxx.yy.111] Thread(0948) Async done, closing socket!: 02136, URI: GET /secars/secars.dll?h=CF..D5F3 HTTP/1.1
[Wed Apr 03 17:41:36 2013] [info] [client xxx.xxx.zz.55] Thread(0744) Connection(00322, sock: 05636) Async Initiated!URI: GET /secars/secars.dll?h=EAD381..1196 HTTP/1.1
[Wed Apr 03 17:41:36 2013] [info] [client xxx.xxx.zz.55] Thread(0948) Async done, closing socket!: 02820, URI: GET /secars/secars.dll?h=EAD381..F42CC HTTP/1.1
 
Access log looks like (long keys removed), but also with entries for the loopback interface.
 
xxx.xxx.yyy.127 - - [03/Apr/2013:17:37:17 -0700] "POST /secars/secars.dll?h=309A8...551A1 HTTP/1.1" 200 - "-" "Smc"
xxx.xxx.zz.108 - - [03/Apr/2013:17:37:16 -0700] "POST /secreg/secreg.dll?l=2 HTTP/1.1" 200 679 "-" "Smc"
xxx.xxx.yyy.92 - - [03/Apr/2013:17:37:17 -0700] "POST /secars/secars.dll?h=2C276...8A57EF HTTP/1.1" 200 - "-" "Smc"
 
For now the logging is back to normal (log level at 'warn', error log only, no access log).
 
I also have logging turned on for the IIS server, and see that there are still clients hitting that port and downloading content, instead of the Apache port.  Is there any way to add those connections to the Apache logs, or are those connections showing up in Apache as well, since they are being proxied?
 
I'll post the question about clients still hitting IIS in a different thread ;)
 
Thanks in advance for any advice..
 
Michael
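An added example, not part of Michael B.'s post or of the tool: a PowerShell summary of which request types fill an access log in the combined format shown above. The sample lines are the three from the post, the function name Get-AccessSummary is hypothetical, and the query string (the long key) is dropped during parsing.

```powershell
# Sample input: the three access-log lines quoted in the post (addresses already masked there).
$sample = @'
xxx.xxx.yyy.127 - - [03/Apr/2013:17:37:17 -0700] "POST /secars/secars.dll?h=309A8...551A1 HTTP/1.1" 200 - "-" "Smc"
xxx.xxx.zz.108 - - [03/Apr/2013:17:37:16 -0700] "POST /secreg/secreg.dll?l=2 HTTP/1.1" 200 679 "-" "Smc"
xxx.xxx.yyy.92 - - [03/Apr/2013:17:37:17 -0700] "POST /secars/secars.dll?h=2C276...8A57EF HTTP/1.1" 200 - "-" "Smc"
'@ -split "`r?`n"

# Apache "combined" format. The path group stops at '?', so query strings are never kept.
$rx = '^(?<client>\S+) \S+ \S+ \[[^\]]+\] "(?<method>\S+) (?<path>[^?\s"]+)(?:\?\S*)? [^"]*" ' +
      '(?<status>\d{3}) (?<bytes>\S+) "[^"]*" "(?<agent>[^"]*)"$'

# Hypothetical helper: hits, distinct clients and bytes sent per request type.
function Get-AccessSummary {
    param([string[]]$Lines)

    $parsed = foreach ($line in $Lines) {
        if ($line -match $rx) {
            $size = 0
            if ($Matches.bytes -ne '-') { $size = [long]$Matches.bytes }  # '-' means no body sent
            New-Object psobject -Property @{
                Client = $Matches.client
                Method = $Matches.method
                Path   = $Matches.path
                Bytes  = $size
            }
        }
    }

    $parsed | Group-Object Method, Path | ForEach-Object {
        New-Object psobject -Property @{
            Request = $_.Name
            Hits    = $_.Count
            Clients = @($_.Group | Select-Object -ExpandProperty Client -Unique).Count
            Bytes   = ($_.Group | Measure-Object -Property Bytes -Sum).Sum
        }
    } | Sort-Object Hits -Descending
}

# For a real log, pass (Get-Content <path to access log>) instead of $sample.
Get-AccessSummary -Lines $sample | Format-Table Request, Hits, Clients, Bytes -AutoSize
```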
adutchman's picture

I found that the apache logs files were consuming large amounts of disk space as well so I created a VB Script that deleted apache logs that were more than 2 days old and created a schedule task to run my script daily.

alex.milford's picture

adutchman,

I have had the exact same problem and have been searching for a way to do this. Would you be willing to share the script please? I'd really appreciate it.

adutchman's picture

I have attached the script I wrote.  It works great on our server.  You will need to adjust it to fit your setup.  The way that it is currently written, every time that the script runs it tries to delete the log file with "yesterday's" date.  Any files that are 2 days old or older will have to be manually deleted.

By downloading and using the attached script file you agree that I am not responsible for anything that happens by your use of this script.

Attachment: DeleteLogs.zip (898 bytes)
alex.milford's picture

Many thanks, looks like it's going to work great :-)

Kris63's picture

Well, since we haven't seen anything from GrahamA since October, we must assume he has moved up or moved on.  I hope someone at Symantec will continue to work on this great tool.

bspore's picture

I am running SEPM 12.1 on Windows 2008 Server. For AV/AS downloads today from SEPM it is showing the error,

IIS logging is misconfigured
IIS log found but the log field is incorrect. See readme.txt for guidance on how to configure the correct log files.

In the config.ini file I have this path set for the IIS logs,

SEPM1_IISlogPath=\\<server>\c$\inetpub\logs\LogFiles\W3SVC1\

I read that SEP 12 does not use IIS for logging but uses Apache instead. That is why I'm guessing I'm receiving this error.

MaRRuT@CC's picture

Any further development on this tool, Graham, for the newest GUP features like roaming GUPs? I would like to see this included in SEPM in the near future :-)

dimago's picture

My bad!!! It's working great now, thanks!!!

Hello,

I want to try it but I don't know how to install/configure it.

I'm running 12.1.2 with SQL on another box. I downloaded the .zip for 12.1 but it has just 3 files.

I downloaded the .zip for 11 and it says to configure ODBC but I don't have any ODBC configuration...

Can anyone help me?

Thanks

Stefan-DE's picture

Hi,

no ODBC configuration is needed.

  1. Please copy the following files to your SEPM server:
    sepm_monitor.jar, SepmMonitorTool.bat ⇒ ...\<SEPM Path>\Tools
     
  2. Enable Apache Logs on each SEPM server:

    1) Access the SEPM_INSTALL\apache\conf folder and take a backup of the httpd.conf file
    2) In httpd.conf file, enable access and error logging. Also set LogLevel to info.

    Error log: Uncomment #ErrorLog "|| bin/rotatelogs.exe logs/error-%Z.log 100M", change log file name format and log rotation to 24 hours.
    Modified line: ErrorLog "|| bin/rotatelogs.exe logs/error-%Y-%m-%d.log 86400"

    Access log: Uncomment #CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 100M" combined, change log file name format and log rotation to 24 hours.
    Modified line: CustomLog "|| bin/rotatelogs.exe logs/access-%Y-%m-%d.log 86400" combined

    LogLevel: Change LogLevel from warn to info.
    Modified line: LogLevel info

    3) Restart Apache (net stop semwebsrv and net start semsrv)

  3. Start GUP monitor with "SepmMonitorTool.bat" file
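An added example, not adutchman's attached script (which is not shown in the thread) and not part of the tool: a PowerShell retention job for the daily files produced by the modified ErrorLog and CustomLog lines above, deleting every dated log older than a cutoff instead of only yesterday's. The log folder is a placeholder and the two parameter names are assumptions; run it with -WhatIf first to list what would be removed.

```powershell
# Prune rotated SEPM Apache logs named access-YYYY-MM-DD.log / error-YYYY-MM-DD.log.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Placeholder: the logs folder under your SEPM_INSTALL\apache directory.
    [string]$LogDir = 'C:\SEPM_INSTALL\apache\logs',
    # Assumed retention: keep today's file plus this many previous days.
    [int]$KeepDays = 2
)

# Only names that match the rotation pattern are ever considered for deletion.
$pattern = '^(access|error)-(\d{4}-\d{2}-\d{2})\.log$'

# The thread reports rollover at 0000 GMT, so compare against the UTC date.
$cutoff = (Get-Date).ToUniversalTime().Date.AddDays(-$KeepDays)

Get-ChildItem -LiteralPath $LogDir |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        if ($_.Name -match $pattern) {
            # Trust the date in the file name, not the last-write time,
            # which changes if a log is copied or restored.
            $stamp = [datetime]::MinValue
            $ok = [datetime]::TryParseExact(
                $Matches[2], 'yyyy-MM-dd',
                [System.Globalization.CultureInfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None,
                [ref]$stamp)

            if ($ok -and $stamp -lt $cutoff) {
                if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete rotated log')) {
                    try {
                        Remove-Item -LiteralPath $_.FullName -ErrorAction Stop
                    }
                    catch {
                        # A file still held open (by rotatelogs or the monitor) is
                        # reported and left for the next run.
                        Write-Warning "Skipped $($_.Name): $($_.Exception.Message)"
                    }
                }
            }
        }
    }
```

Scheduled daily, this also clears any backlog left after missed runs. Set the retention to cover however far back you need the access and error logs for troubleshooting or investigation.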
dimago's picture

Yes, perfect I got it.

I have a user without privileges that can run SEP Manager... that is OK, but he cannot run this tool... Is there any permission to change to allow it? My user is admin and it runs fine!!!
