Video Screencast Help

Configuring SAVFL reporting to the SEPM

Created: 10 Feb 2012 | 8 comments
Outrageous's picture

Hello friends,

Could some one tell me that how can i configure SAVFL for sending reports to the SEPM?

do reply. Thanks in advance.

Regards,

Comments 8 CommentsJump to latest comment

Mick2009's picture

Hi Outrageous,

I set up my SAVFL on Ubuntu to forward its logs recently to my SEP 12.1 SEPM, so can pass on some recommended reading and advice. 

First off: what is your version of SAV for Linux?  (SAVFL)?  If it is a recent version, then the necessary Reporter install package is right on the CD.  SAVFL Reporter is not installed by dfault with SAVFL, but it is straightforward enough to install and configure.  The readme attached to this article has all teh necessary info.

Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes
Article: DOC3474 | Created: 2010-12-15 | Updated: 2011-11-01 |
Article URL http://www.symantec.com/docs/DOC3474 
 

Next, set up the SEPM:

How to enable the 12.1 Symantec Endpoint Protection Manager (SEPM) to receive logging from legacy clients.
Article: TECH157463 | Created: 2011-04-05 | Updated: 2012-01-31 |
Article URL http://www.symantec.com/docs/TECH157463  
 

The threat logs, etc from Ubuntu were then seen in my SEPM's reports, and they trigger notifications, etc in case of outbreaks.

Give it a try - please keep this thread up top date with your progress!

All the best,

Mick

With thanks and best regards,

Mick

Outrageous's picture

@Mick thanks...i've SAVFL 12.1 RU1

Mick2009's picture

Fantastic - it should work fine.  &: )

Do let the forum know of any trouble you encounter, or add a quick post if everything goes smoothly!

With thanks and best regards,

Mick

Outrageous's picture

@Mick i was reading the readme file of SAVFL reporter 1.0 in which they have written that it's compatible with SEP 11 but i have SEP 12.1.

Mick2009's picture

Yes, that raedme file was written before SEP 12.1 was released.  I can confirm that on SEP 12.1's SEPM it's 100% supported and works.  &: )

With thanks and best regards,

Mick

Mick2009's picture

Hi Outrageous,

Just checking if you got SAVFL Reporter working.  The thread is still marked "needs solution."

All the best,

Mick

With thanks and best regards,

Mick

Mick2009's picture

Just adding to this thread the solution to one potential cause of SAVFL Reporter failure:

Symantec AntiVirus for Linux Reporter Fails to Forward Events, Error "Undefined subroutine.... line 128"
Article: TECH189759   |  Created: 2012-05-25   |  Updated: 2012-05-25   | 
Article URL http://www.symantec.com/docs/TECH189759

Making sure that Perl is up-to-date and contains the correct module packages will enable SAVFL Reporter to function.

Hope this helps!

Mick
 

With thanks and best regards,

Mick