Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'

Created: 29 Oct 2013 • Updated: 04 Nov 2013 | 7 comments
Surrogate's picture
This issue has been solved. See solution.

I'm in the SEP Manager console on the Monitors tab.  I'm running the 'Computer Status' log over the past 24 hours.

I'm looking at the column labeled 'Last Time Status Changed'; from my understanding this time-stamp is basically the last time the client checked in with the SEP manager.

Knowing this, is it possible to have a time-stamp for 'Last Time Status Changed' that is older than say...'Last Time Scanned'?

SEP last time status changed post.JPG

If the last time my agent checked in was on the 28th, how do I know the last scan was ran today?

Any insight into this report would be greatly appreciated, thank you.

Operating Systems:

Comments 7 CommentsJump to latest comment

Rafeeq's picture
  • The Last Time Status Changed column displays the time that the client last communicated with the management server. this could be from offline to online or a location change. It does not mean that it did not connect to sepm after that.

  • again is your sepm in pull mode or push mode? whats the communication interval you have set.. can you check that?

Surrogate's picture

So the column 'Last Time Status Changed' isn't just "when the client last communicated with the SEP manager" literally is the Agent status changing?    

This is interesting because none of my agents should be switching from online to offline or changing locations, however my clients update this timestamp regularly.  What exactly causes a status change for an agent?

This client is neither push or pull mode; it's a SAVFL agent (version 1.0.14 build 13) running on a server (Oracle Enterpise Linux 5.9).  It's configured to send logs to the SEP Manager using the SAVFL reporter tool.

Rafeeq's picture

SAV cannot talk to SEPM, so its not the last time It contacted the manger in this scenario.

I need to check how SAV logs are interpreted in SEPM.

Rafeeq's picture

Can you check the report with time range as last week,

AFAIK it should be the last time it fwded the logs to sepm.

so on 26th it should have sent something and on 28th It ran scan.

Surrogate's picture

That is where the confusion is for me, if that time-stamp is the last time the SAVFL agent forwarded the logs to the SEPM, how does the SEPM know that the last scan occured one day later?

Rafeeq's picture

Last time it  connected to SEPM on 28th ( Still connected )

So it sent the logs on 29th.

You can easliy test this by stopping the smc service and restarting it and setting a small test after few hours.

Surrogate's picture

I see, thank you Rafeeq for clearing up my confusions.  I have a better understanding of now of what this means.