Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

SEP Content Distribution Monitor (for GUP health-checking)

Created: 14 Jun 2010 • Updated: 25 Jul 2011 | 336 comments
GrahamA's picture
+51 51 Votes
Login to vote

UPDATED: New version now available that is compatible with SEP 12.1

After hearing customers mention they could benefit from increased visibility over the Group Update Providers that are active in their environment, as they are a critical part of their content infrastructure, the Symantec SEP product team have created a small utility to help customers address this need.

Its a v lightweight utility that must be run directly on a SEPM machine and will provide customers with a quick glance dashboard.

Warning: This is not an officially supported tool so it is use at own risk. That said, it is reading from the various data sources it accesses, not writing to them, so use of the tool is typically low risk, and customers that have used it so far have reported no negative side-effects.
Best Regards,
GrahamA.
 
Product Management
Symantec Corporation

Comments 336 CommentsJump to latest comment

EricT's picture

I would assume that as long as the user who is non admin has the proper rights to the bat file and proper Java permissions it should be fine. Really its just a Batch file that runs a Java front end that is querying into the SEPM DB.

0
Login to vote
dimago's picture

Anyone to help in my question above?

0
Login to vote
Stefan-DE's picture

No clue. 

Rights are not mentioned in the "Help" (Button) in the SEPM Monitor

0
Login to vote
EricT's picture

GrahmA this is a great tool I have bene using since 11.6.2 and with our GUps numbers gorwing its a tool I find I can't live without anymore. 

Just an idea but could you PLEASE make a version of this tool in a way that is self running as long as you make an ODBC connnection to the SQL for the 12.1?

Our setup is 2 SEPMs both on the same subnet as the SQL box they are linked to. We are not using the SEP internal SQL but SQL 2005 update 4.

We have an issue where the SEPMs we have up have a memory leak and are using up all 4 gigs as soon as the SEPMs come online. This has made this GUP Monitoring tool unuseable in our environment because of the java switchover and the memory it uses. Creating a tool that can be ran on a non SEPM machine as long as you have the proper credentials to the SQL would greatly help us with ensureing the GUPs are working as they should be to ensure we have offloaded as much of the defintion processing as possible to our heavily GUP laden environment.

Just a thought if you could look into this would be great.

0
Login to vote
Reek-Havoc's picture

HI,

Started using the tool a couple of weeks ago.  Nice concept!  We have 3 GUP's but only one ever seems to show up in the monitor?  I have triple checked my settings and the systems individually all seem to work as GUP in that they respond to telnet port 2967 and have the shared update folders?   How can I troubleshoot to get the rest of my GUP's to show up in the monitor???

Thanks very much for any help!

 

Reek

 

0
Login to vote
Shah_M's picture

Hi,

 

Where can i get the recent version of this tool. I find only the beta version. could some one provide me the link for the recent version for 11.X and 12.X  and steps how to use it.

0
Login to vote
megamanVI's picture

It doesn't look like this tool is being worked on anymore.

0
Login to vote
ScottM 2's picture

Does seem like it has been abandoned. I know it has been suggested that this level of detail get rolled into the SEPM in the future but probably not till a major rev at this rate.

0
Login to vote
LucianoPS's picture

Hello everyone.

I am using the SEP12.1.RU3 installed on windows server 2012 and can not run this application.

The SEPM is installed in the folder "D: \ Program Files (x86) \ Symantec \ Symantec Endpoint Protection Manager"

I copy the files to the folder "tool", change the httpd.conf file but always the same problem occurs as shown below.

=============================================================

java.io.IOException: Couldn't get lock for D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\..\tomcat\logs\scm-server-%g.log
        at java.util.logging.FileHandler.openFiles(FileHandler.java:389)
        at java.util.logging.FileHandler.<init>(FileHandler.java:323)
        at com.sygate.scm.server.util.ServerLogger.<clinit>(ServerLogger.java:125)
        at com.sygate.scm.tools.monitor.SepmMonitor.initLogger(SepmMonitor.java:415)
        at com.sygate.scm.tools.monitor.SepmMonitor.main(SepmMonitor.java:318)
Exception in thread "main" com.sygate.scm.server.util.ScmServerError: java.io.IO
Exception: Couldn't get lock for D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\..\tomcat\logs\scm-server-%g.log
        at com.sygate.scm.server.util.ServerLogger.<clinit>(ServerLogger.java:170)
        at com.sygate.scm.tools.monitor.SepmMonitor.initLogger(SepmMonitor.java:415)
        at com.sygate.scm.tools.monitor.SepmMonitor.main(SepmMonitor.java:318)
Caused by: java.io.IOException: Couldn't get lock for D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools\..\tomcat\logs\scm-server-%g.log
        at java.util.logging.FileHandler.openFiles(FileHandler.java:389)
        at java.util.logging.FileHandler.<init>(FileHandler.java:323)
        at com.sygate.scm.server.util.ServerLogger.<clinit>(ServerLogger.java:125)
        ... 2 more

=============================================================

Any Help?

Luciano Santos

0
Login to vote
bsjj27's picture

I have a few GUP questions hopefully someone can answer me.  When ever I open tickets with Symantec support the techs are always not familar with GUPS.  I have 12.1 rolled out through out my enterprise.  I'm trying my best to keep the chatter between the manager and the clients to a minimum.  I have roughly 100 branches.  Each branch has a branch server, either Win 2008 or Win 2003.  On the branch servers i only install the AV piece of SEP.  On the workstations I have the full SEP client, AV, PTP, and NTP.  Will the branch servers which are GUPS for the office still download the definitions for PTP and NTP to pass out to the clients on the network even though it doesn't have those features installed?  

Another question is we monitor network bandwith through Netflow data, I will at many points through the day see large transfers between the SEPM and clients how can I figure out what it is transfering.  What port to definition file downloads operate over port 8014?  

Any help would really be appreciated.

 

 

0
Login to vote
.Brian's picture

Yes, the GUP will distribute content for all components regardless of what components it has installed.

The clients communicate with the SEPM over 8014.

Clients communicate with the GUPs over 2967.

You would need to use a sniffer such as wireshark to see exactly what is transferring.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
bsjj27's picture

I appreicate the quick response, I'm actually working on a client now that is downloading its definitions from the manager instead of it's GUP.  I checked the GUP has the latest defs and in the SEPM is shows as a GUP.  In the system logs on the client i see in the log it has an error that stats "Failed to connect to all GUPS, now trying to connect to SEPM"  Any ideas how I can continue to troubleshoot this?  

Also how long back does the GUPS hold defs for?  Only reason I ask is these new PC's were installing, the virus defs in the image are back from september, could they be connecting to the gup and the gup is saying you virus defs are too old so go to the sepm?

0
Login to vote
.Brian's picture

You can check this link on troubleshooting GUP communication:

http://www.symantec.com/docs/TECH104539

 

Yes, it will need to grab the full update. It depends on how many revisions you configured the GUP to hold.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
bsjj27's picture

Where do i specify how many revisions the GUP can hold?  I only see GUP options in the policy, options are port, max disk cache, delete content updates if unused, max number of simultaneous downloads to clients and max bandwidth.

0
Login to vote
.Brian's picture

Delete content updates if unused

Set it any number of days you want.

Mon-Fri there are typically 3 revisions per day so 5 days, 3 revisions = 15 total revisions

Sat-Sun is 1 revision per day so 2 total revisions for these days and 17 overall over the course of 7 days.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
bsjj27's picture

if these images haven't been updated in 40 weeks so would I need to set this to 600?  40 weeks x 15 total revisions.

0
Login to vote
.Brian's picture

Yea but you would first need to set the SEPM to hold that many updates. I can't even imagine how many GBs of data this would consume on your hard drive.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
bsjj27's picture

i was thinking the same thing, so either way even if my gups are functioning properly these clients are going to have to connect back to the manager for updates the first time because the manager won't hold updates that far back?

0
Login to vote
.Brian's picture

For the setting "Max tim that clients try to download updates from a GUP before trying the default management server" set it to Never

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
bsjj27's picture

Thats part of the issue, i do have that set to never but still have a lot of the clients connecting back to the management server for updates.  When i originally set it up i had it set to two hours and my network links were getting killed with clients coming back to the manager so i set it to never, the traffic definitely decreased but still have a lot coming back to the manager.  I'm trying to turn on syling debugging now to see hopefully more info.

0
Login to vote
.Brian's picture

Sylink debugging will show the communication so let that run for awhile.

You can also do a wireshark trace.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
bsjj27's picture

is there a way that I can force the client to attempt to connect to the gup, so I can force traffic so I don't need to wait.  Update policy now will only force a connection to the sepm won't it?

0
Login to vote
.Brian's picture

Correct. there is no way to force a check in with the GUP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
bsjj27's picture

ok i'll run a wireshark for tcp port 2967 also while i got you, don't know if you can help me hear but i installed the Content Dist Monitor, GUP health monitor.  Very cool tool so far but I notice the Virus/Spyware content downloads today from SEPM doesn't appear to be working.  It shows 0 for everything when I know thats wrong, ever seen that before?

0
Login to vote
.Brian's picture

When was the last time it was refreshed. I believe the default is an hour?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
adutchman's picture

We have 35,000+ clients in our environment.  Two management server and about 400 GUPs.  The system works great and keeps bandwidth usage to a minimum.  Not sure if how we did it is the best way, but it works for our environemnt.

We have a Location created for each physical site with a matching LiveUpdate policy.  For sites that don't have a local GUP, the clients get the default location and get their updates from a GUP in our data center.

Each LiveUpdate policy is configured the same and is using the option for Single Group Update Provider IP address or host name.  Maximum time that clients try to download updates from a GUP before trying the default management server is set to NEVER.

The GUP settings for each one follows:

Default port: 2967
Maximum disk cache size allowed for downloading updates (MB): 4,000
Delete content updates if unused (days): 30 * that is the maximum value.
Maximum number of simultaneous downloads to clients: 30
Maximum bandwidth allowed for Group Update Provider downloads from the management server: 192 Kbps

See my next post for some troubleshooting tips.

0
Login to vote
bsjj27's picture

i've had it up for about 6 hours now and it refreshes every 10 minutes

Also seeing this in the status, don't no if its related

07/11/2013 14:38:47 There are no access-2013-07-11.log / error-2013-07-11.log files in the folder E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\logs

0
Login to vote
adutchman's picture

You will have to modify the config file for the apache server to enable logging.

Steps to enable Apache Logs on each SEPM server:

  1. Access SEP_INSTALL\apache\conf folder and take backup of httpd.conf file
  2. In httpd.conf file, enable access and error logging. Also set LogLevel to info.

    Error log: Uncomment #ErrorLog "|| bin/rotatelogs.exe logs/error-%Z.log 100M", change log file name format and log rotation to 24 hours. Modified line should be ErrorLog "|| bin/rotatelogs.exe logs/error-%Y-%m-%d.log 86400"

    Access log: Uncomment #CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 100M" combined, change log file name format and log rotation to 24 hours. Modified line should be CustomLog "|| bin/rotatelogs.exe logs/access-%Y-%m-%d.log 86400" combined

    LogLevel: Change LogLevel from warn to info. Modified line should be LogLevel info

  3. Restart the Apache (net stop semwebsrv and net start semsrv)

Note: Apache doesn't purge the old logs. Admin needs to delete the old logs on each server (Can come up with a script to delete).

0
Login to vote
adutchman's picture

Some client to GUP troubleshooting tips:

1st verify that your client can communicate with the GUP.  From the workstation, open your browser and enter the following URL:

http://GUP_IP_ADDRESS:2967/content/ContentInfo.txt

Note that you should use the IP address of the local GUP and the port number you configured in the LiveUpdate policy.

Here is a link to a Symantec KB Article that has instructions on how to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers.  This involves Sylink debugging.

http://www.symantec.com/docs/TECH97190

Also, you can't force communications with a GUP directly, but you can force the client's heartbeat session with the management server, which in turn should trigger communications with the GUP.

Either open a command window and run SMC.exe -updateconfig or launch the client, click on Help at the top right and choose "Troubleshooting" and click on the Update button under Policy Profile.

 

0
Login to vote
bsjj27's picture

Adutchman

I was able to hit this successfully http://GUP_IP_ADDRESS:2967/content/ContentInfo.txt

I'm running wireshark on a client with this filter tcp.dstport==2967

I've restarted the services and forced a policy update, haven't seen any activity on that port yet. 

I edited my conf file and am seeing no errors now but it's still showing that on one has updated content from SEPM which is stange.

 

0
Login to vote
adutchman's picture

Here a link to Symantec KB Article that is dedicated to Sylink Debugging...

http://www.symantec.com/docs/TECH102412

Read this KB article and the link I posted before and it should help you figure out what's going on.  Sylink Debugging is going to be your best chance of figuring out what's going on.

0
Login to vote
bsjj27's picture

Thanks i'll try this and see what i can find, just have to be able to jump on a pc at the right time and have it running while its trying to update, it would be alot easier if i could force it to update.

0
Login to vote
bsjj27's picture

Has anyone see their CPU spike and stay at 100% when running the GUP monitor tool.  I like to keep it running all day long to monitor my GUPS but its killing the CPU on my SEPM.

0
Login to vote
adutchman's picture

My CPU spiked at 40% while the GUP monitor tool was starting up.  With the tool up and running, the CPU is fluctuating between 3% and 8%.  It occaisionally spikes to around 30% but only briefly.

0
Login to vote
ScottM 2's picture

Has anyone tried using this to monitor logs on more than one SEPM at the same time?

I do hope this is built into the SEMP at some point, I'd like the extra visibility on what my clients are doing.

0
Login to vote
dimago's picture

Hello all..

 

Can anyone help me with that error below? Im running 12.1.3

 

error when lock the file...

 

I notice that I cant edit a file and save it, like SepMonitor.bat... I need to save in another location, and after copy it to Tools folder and Windows ask me about privileges, so I confirm and done

 

But Im local and domain admin.. I took ownership from the driver D:

 

I think that it is my problem... any idea how to resolve it?

 

java.io.IOException: Couldn't get lock for D:\Symantec Endpoint Protection Manag
er\Tools\..\tomcat\logs\scm-server-%g.log
        at java.util.logging.FileHandler.openFiles(FileHandler.java:389)
        at java.util.logging.FileHandler.<init>(FileHandler.java:323)
        at com.sygate.scm.server.util.ServerLogger.<clinit>(ServerLogger.java:12
5)
        at com.sygate.scm.tools.monitor.SepmMonitor.initLogger(SepmMonitor.java:
415)

        at com.sygate.scm.tools.monitor.SepmMonitor.main(SepmMonitor.java:318)
Exception in thread "main" com.sygate.scm.server.util.ScmServerError: java.io.IO
Exception: Couldn't get lock for D:\Symantec Endpoint Protection Manager\Tools\.
.\tomcat\logs\scm-server-%g.log
        at com.sygate.scm.server.util.ServerLogger.<clinit>(ServerLogger.java:17
0)
        at com.sygate.scm.tools.monitor.SepmMonitor.initLogger(SepmMonitor.java:
415)
        at com.sygate.scm.tools.monitor.SepmMonitor.main(SepmMonitor.java:318)
Caused by: java.io.IOException: Couldn't get lock for D:\Symantec Endpoint Prote
ction Manager\Tools\..\tomcat\logs\scm-server-%g.log
        at java.util.logging.FileHandler.openFiles(FileHandler.java:389)
        at java.util.logging.FileHandler.<init>(FileHandler.java:323)
        at com.sygate.scm.server.util.ServerLogger.<clinit>(ServerLogger.java:12
5)
        ... 2 more
Press any key to continue . . .

 

 

Thanks anyway

0
Login to vote
adutchman's picture

I had the same problem after I upgraded my management servers from SEP 12.1 RU1 to SEP 12.1 RU3. 

I ended up makeing a backup copy of the entire log folder. Then I deleted the files listed that the could not get locked.

Why is it that anytime someone can't access a file they try to take ownership of an entire drive?

 

0
Login to vote
dimago's picture

It was a problem with file and folder security!

 

solved. Thanks

0
Login to vote
LucianoPS's picture

dimago, i´m have the same problem with 12.1.3.

how do you solve this problem?

Luciano

0
Login to vote
MaRRuT@CC's picture

@Graham:

Any chance to see this tool or tool functionality included in further releases of SEP?

0
Login to vote
TallTomD's picture

Just installed the tool and after some configuration effort I got it working.

 

However, every time I launch the tool I get this error:

GUPMonitorError_0.GIF

 

As you can see there are no spaces in my path name.  I just hit Yes and it seems to work OK.

 

Also, I was wondering about the files included in the tool for 12.1.  There are no instructions on how to use them.  Can somebody explain how to use the files in the tool for 12.1?

 

Thanks,

Tom

0
Login to vote
MaRRuT@CC's picture

Any chance to have this tool added to SEPM soon? The tools seems to be dead, no updates for years right now...

0
Login to vote
ThaveshinP's picture

Guess only be included (hopefully) in SEP 13.

0
Login to vote
Brent.Noble's picture

Managed to get this working recently with 12.1.3 after some messing around.

As mentioned, extract the files to the tools folder, then follow these steps:

Steps to enable Apache Logs on each SEPM server:

  1. Access SEP_INSTALL\apache\conf folder and take backup of httpd.conf file
  2. In httpd.conf file, enable access and error logging. Also set LogLevel to info.

    Error log: Uncomment #ErrorLog "|| bin/rotatelogs.exe logs/error-%Z.log 100M", change log file name format and log rotation to 24 hours.
    Modified line should be ErrorLog "|| bin/rotatelogs.exe logs/error-%Y-%m-%d.log 86400"

    Access log: Uncomment #CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 100M" combined, change log file name format and log rotation to 24 hours.
    Modified line should be CustomLog "|| bin/rotatelogs.exe logs/access-%Y-%m-%d.log 86400" combined

    LogLevel: Change LogLevel from warn to info.
    Modified line should be LogLevel info

  3. Restart the Apache (net stop semwebsrv and net start semsrv)

To get it working on a Server 2008 R2 server with UAC enabled I had to create a new enviornment variable and modify SepmMonitorTool.bat to use my environment variable instead of %CD%.

Works fine now.

Brent

0
Login to vote
ThaveshinP's picture

Has anyone managed to get it working on SEP 12 RU4 ? 

0
Login to vote
novice_sep's picture

Yes, its working on RU4 . We are using it.

0
Login to vote
ThaveshinP's picture

What are the installation steps please? What do I need to do to get this working. I have the beta_v3 folder with the 3 files inside it....

0
Login to vote
.Brian's picture

add the 3 file to the Tools directory under the SEPM folder and run the .bat file to open the GUP monitor

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
ThaveshinP's picture

Copied the files and ran the .bat file as administrator - nothing happens -??? 

0
Login to vote
.Brian's picture

Did you turn off enhanced security in IE?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
ThaveshinP's picture

Got it to work eventually.

0
Login to vote
Jeshrel's picture

Hi,

 

Is there a new version of SEPM Content Dist Monitor for 12.1, if so how and where do i download it from

 

0
Login to vote
GeoGeo's picture

UPDATED: New version now available that is compatible with SEP 12.1

After hearing customers mention they could benefit from increased visibility over the Group Update Providers that are active in their environment, as they are a critical part of their content infrastructure, the Symantec SEP product team have created a small utility to help customers address this need.

Its a v lightweight utility that must be run directly on a SEPM machine and will provide customers with a quick glance dashboard.

Warning: This is not an officially supported tool so it is use at own risk. That said, it is reading from the various data sources it accesses, not writing to them, so use of the tool is typically low risk, and customers that have used it so far have reported no negative side-effects.
Best Regards,
GrahamA.
 
Product Management
Symantec Corporation

 

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

0
Login to vote
adutchman's picture

Wow, I subscribe to this threat and I just received an e-mail that led me to believe that there was an update to the SEP Content Distribution Monitor for SEP 12.1.

To my chagrin, I discovered that GeoGeo just reposted the original post published by the tool's author, GrahamA.

What a let down!

 

0
Login to vote
GeoGeo's picture

Well I'm using that current version on SEPM 12.1 RU4a and it's working fine. What update are you looking for? it's a 3rd party unsupported tool. 

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

0
Login to vote
adutchman's picture

I am using that version as well, however there seems to be a bug when reading the access logs to calcualte the amount of content data transferred from the SEPM

I posted this on Jul 03, 2012 here ...

https://www-secure.symantec.com/connect/downloads/...

I was hoping that the issue was addressed with an update.

I did come up with a work around but it's a pain.  I created a folder to store the access logs in and manually copy them to it.  Then I pointed the tool to that folder.

 

 

 

 

 

+1
Login to vote
Jeshrel's picture

Thank you for your answers,

 

Can we intergrate multiple SEPM's on one GUP like the SEP content distribution monitor for SEP 11.0.x???

 

0
Login to vote
dimago's picture

Hello guys!!!

I have had some problems with the size of the logs, mainly with access.log in the apache...

To solve this situation, I created a script to help me deleting that files... access and error

For secure reasons, I keep it for 60 days, ok?

Take a look in this link, maybe it will be helpful :)

https://www-secure.symantec.com/connect/downloads/...

Regards!

Diego

0
Login to vote
Mike.S's picture

Hi Everyone,

For those of you who still use 11.x like I do, I've taken the .hta code and modified it to provide additional functionality. Definitions make up the bulk of the downloads, but sometimes you want to know what else is being downloaded. To that end I've added 2 buttons. One to enumerate which clients or GUPs are downloading full definitions, and another button to show other SEP content broken down by component. I've also changed the Low Disk Space threshold to 1 GB.

Have fun...

 

Here's a screen cap, including distribution summary for an idea of my scope.

As I was setting the monitor up, I realized IIS logging is having some difficulty in reporting success code " 200 " but with 0 bytes. Also for my testing. IIS also was putting logs into older file, but tool parsing looks at last modified, not date and last modified. That will be next revision...

Full Download IP List

Other content breakdown.

Thanks to Graham and the Symantec team for allowing me to modify and publish the code here. Just download the file and change extension to .hta.

AttachmentSize
SEP_Content_DistMonitor.txt 136.9 KB
0
Login to vote
Poettone's picture

Thank you for the insight into using this monitor. I'm fairly new to the tool and find it very useful so far. I was wondering what the steps are to use the tool "SEP_Content_DistMonitor.txt" from Mike S. I've downloaded this in our test environment and have re-named the file, but unsure of what to do next as simply launching it produces an error as follows:

 

Cannot access the configuration file (config.ini)

Plesae verify this file resides in the same directory from which you launched the hta file.

 

Also, in our production enviornment I do not see any logs being produced with the error: "There are no Apache access/error log files for today", but this shows up everyday.  In the status window, I get the following entries:

I'm sure its a simple configuration somewhere, but still new to the product and its configs.

Appreciate any assistance that can be provided.

 

Cheers!

0
Login to vote
Mike.S's picture

Hi, thanks for trying this out. The txt file I uploaded is meant to replace Sylink-monitor...hta after original package was downloaded and installed. Please install and configure original package and once working, replace .hta file.

0
Login to vote
Mike.S's picture

http://www.symantec.com/connect/sites/default/file...
~~~~~~~~~~~~~~~~~

Hi Poettone,

Download full monitor package from above. Extract to tools directory (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Tools)

View tutorial and look at the readme.txt for insights in configuring.
Logging only needs to be set up for 'Symantec Web Server' site in IIS. Which version are you using?

My other stumbling block was SQL access method. Make appropriate changes to config.ini for your environment. Sample config.ini below...

Run SEP Monitor (I created a shortcut on desktop)
I didn't delete original .hta file. I copied and renamed copy, and modified that file leaving original intact.
Rename my .txt file to .hta, and run it. It will pick up already configured config.ini file.
Make sure you change desktop shortcut to reflect new .hta file.

NOTE: In my example config.ini below, I have autorefresh off. For the size of my environment, it takes some time to process IIS Log files. Running multiple instances of SEP Monitor, with auto refresh enabled could affect server performance.
NOTE2: First server host SEPM and SQL, Second server only SEPM

 

Let me know how it works...
And thanks for trying my mods.

Mike

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
connection_type=OLEDB
OLEDB_string=Provider=SQLOLEDB;Data Source=10.150.37.50;Initial Catalog=sem5;Integrated Security=SSPI

OLEDB_Username=SQL-RO-User
OLEDB_Password=<SQL-RO-User Password>
SEPM1_IISlogPath=\\10.150.37.50\D$\Inetpub\Logs\LogFiles\W3SVC2\
SEPM2_IISlogPath=\\10.150.37.51\D$\Inetpub\Logs\LogFiles\W3SVC2\
sepm_path=\\10.150.37.50\d$\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\
autorefresh=NO
refresh_interval=60
resize=DISABLE
tune_for_large_environment=ENABLE
show_clientcontent_data=SHOW
GUP_AVAS_green=630
GUP_IPS_green=630
Clients_AVAS_green=32000
Clients_IPS_green=32000
clientview_AVAS=ByGroup_AVAS
clientview_IPS=ByGroup_IPS
operational_status=HIDE
sepm_domain=HIDE
sepm_group=SHOW
windows_domain_filter=
GUP_view=ALL

0
Login to vote
ThornGabriel's picture

Any updated instructions for SEPM 12.1 installations?  Since IIS is no longer used with newer versions of SEPM and Apache is used instead, I am getting lots of errors just trying to install the utility.

Thanks!

 

 

0
Login to vote
.Brian's picture

Should be in the readme in the download.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
JonathanE's picture

Disregard.  I found the answer

 

0
Login to vote