
Enhance the Client-Server Activity Reports in the SEPM

Created: 22 January 2013 • Updated: 22 January 2013 | 8 comments
Mick2009

At present, there is a wealth of information that can be generated from the Symantec Endpoint Protection Manager (SEPM) about the SEP clients it controls. These reports can be created from the Monitors and Reports tabs on the SEPM.

About the information in the System reports and logs
Article URL http://www.symantec.com/docs/HOWTO27546 
 

The Client-Server Activity logs can report, for instance, exactly when a SEP client downloaded new definitions, and from which SEPM (in an organization which has several).  For example:





| Time Stamp | Event Type | Host Name | User Name | Domain Name | Server Name |
|---|---|---|---|---|---|
| 19/01/2013 19:55 | Client has downloaded the content package | client045 | admin51 | sepdomain | SEPM1 |
| 19/01/2013 19:53 | Client has downloaded the content package | client43 | vmadmin | sepdomain | ANOTHER_SEPM |
| 19/01/2013 19:51 | Client has downloaded the content package | client001 | Administrator | sepdomain | THIRD_SEPM |

If this report also added details on what version of definitions (filename) were in that package and whether the update came directly from the SEPM or went through a GUP, it would provide administrators with even better information about how their organization's update infrastructure is operating. 

For instance: it would be immediately clear from such an enhanced report if too many SEP clients are downloading full.zip files rather than the smaller (delta) .dax files.  It would also make it easy to see if clients are evenly spread across the GUPs, or if all the clients are using just one.  These added details would help troubleshooting efforts immensely.

At present, it is possible to dig into an additional report to see if a GUP was involved, but this could be made more convenient.

Where does the SEPM show that SEP 12.1 clients are downloading content from GUPs?
Article URL http://www.symantec.com/docs/TECH187283 
 

The information (filenames, name of GUP used) is visible in the individual SEP client logs, so it should be wholly possible to get that information communicated to the SEPM and displayed in useful reports such as the one proposed here.
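
As an added example (not part of the original post, and not Symantec code), the script below shows what can already be tallied from the existing report: content-package downloads per SEPM, with a check for one server handling most of them. It assumes the Client-Server Activity log has been exported as CSV with the column headings shown in the table above; the CSV layout, the function names and the extra sample rows are assumptions. The GUP and filename breakdown the post asks for cannot be derived this way, because those columns are not in the report.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumed CSV layout using the report's column headings.
# The first three data rows come from the post; the last three are constructed.
SAMPLE_EXPORT = """\
Time Stamp,Event Type,Host Name,User Name,Domain Name,Server Name
19/01/2013 19:55,Client has downloaded the content package,client045,admin51,sepdomain,SEPM1
19/01/2013 19:53,Client has downloaded the content package,client43,vmadmin,sepdomain,ANOTHER_SEPM
19/01/2013 19:51,Client has downloaded the content package,client001,Administrator,sepdomain,THIRD_SEPM
19/01/2013 19:40,Client has downloaded the content package,client002,user2,sepdomain,SEPM1
19/01/2013 19:35,Client has downloaded the content package,client003,user3,sepdomain,SEPM1
19/01/2013 19:30,Constructed non-download event,client003,user3,sepdomain,SEPM1
"""

DOWNLOAD_EVENT = "Client has downloaded the content package"


def downloads_per_server(export_text, since=None):
    """Count content-package downloads per Server Name, optionally from `since` on."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Event Type"].strip() != DOWNLOAD_EVENT:
            continue  # ignore other client-server activity
        # The report prints day/month/year timestamps.
        stamp = datetime.strptime(row["Time Stamp"].strip(), "%d/%m/%Y %H:%M")
        if since is not None and stamp < since:
            continue
        counts[row["Server Name"].strip()] += 1
    return counts


def overloaded_servers(counts, share=0.5):
    """Return the servers that handled more than `share` of all downloads."""
    total = sum(counts.values())
    if total == 0:
        return []
    return sorted(s for s, n in counts.items() if n / total > share)


if __name__ == "__main__":
    counts = downloads_per_server(SAMPLE_EXPORT)
    for server, n in counts.most_common():
        print(f"{server}: {n} downloads")
    print("Handling over 50% of downloads:", overloaded_servers(counts))
```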

Comments

SebastianZ

Great idea Mick - thumbs up for above. This would be very welcome from the support perspective as well - no more need to dig up through several logs to find the source of downloads.

+2

John Cooperfield

Excellent idea. Even before I look at GUP activity, I would review the aspect of clients using full.zip files rather than the deltas.

+2

NRaj

Something like the list of clients getting updates from SEPM / GUP / LUDP will help a lot.

+1

Chetan Savade

Refer to this thread as well: https://www-secure.symantec.com/connect/forums/inf...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

0

JUSTICE

UPDATE: Clearly a nice feature and much needed in the role of a SEPM admin. BTW http://www.symantec.com/docs/HOWTO27546 is showing as of 7-7-2015 "There is no article that matches your request" (https://support.symantec.com/en_US/article.HOWTO27546.html)

Marcus Sebastian Payne
"So cyberspace is real. And so are the risks that come with it."
- President Barack Obama

0

Mick2009

Many thanks - that article was retired. The closest current one is:

About the different types of Symantec Endpoint Protection Manager Reports
Article URL: http://www.symantec.com/docs/TECH95538
 

With thanks and best regards,

Mick

0

JUSTICE

@Mick2009 thanks for the update and that one you referenced came under our radar for management to know. The other links referenced in TECH95538 and especially: About System reports and logs (Article: TECH95546) is a daily topic of discussion with management to know and understand. Appreciate your work as always as I reference your work to my management. Bravo Zulu to you here and we hope this becomes a reality with the Reports in a future release of this outstanding product.

Marcus Sebastian Payne
"So cyberspace is real. And so are the risks that come with it."
- President Barack Obama

0