How to include the Linux client into the SEPM 12.1.3 reporting?

Created: 17 Jun 2013 • Updated: 20 Jun 2013 | 12 comments
This issue has been solved. See solution.

As per https://www-secure.symantec.com/connect/blogs/whats-new-latest-symantec-endpoint-protection-sep-121ru3 I saw that there is support now for SAV for Linux client reporting.

Which SAVFL client version is supported at the moment to report into the SEPM 12.1.3 server?

Brɨan's picture

You need to use SAV for Linux Reporter:

Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes

Article:DOC3474 | Created: 2010-12-15 | Updated: 2011-11-01 | Article URL http://www.symantec.com/docs/DOC3474

Check the awesome article by Mick2009 on setting it up

SAV for Linux: A (Somewhat) Illustrated Guide Part 4: SAVFL Reporter

https://www-secure.symantec.com/connect/articles/s...

Per Mick's article:

How to get SAVFL Reporter Working?

Make sure that your SAVFL version is MR10 or above, and that you have Perl in place on the Linux machine.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
John Santana's picture

Thanks Brian, somehow I can only see that I have Symantec AntiVirus for Linux 1.0.14 from the release notes.

Is that MR14, which is higher than MR10 as per Mick's article?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

W007's picture

Hello,

Check this thread

https://www-secure.symantec.com/connect/forums/savfl-sep-linux-status-check

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Mick2009's picture

Hi John,

Here's more details on the change that went into RU3:

Linux clients are not included in the computer status details

Fix ID: 2900287

Symptom: Computer status logs are missing data about Symantec AntiVirus for Linux (SAVFL) clients. The exported logs do not contain Linux or Symantec AntiVirus (SAV) 10.x client information.

Solution: Modified the computer status query to include entries for Linux and Symantec AntiVirus 10.x clients.

On the SEPM, go to Monitors -> Logs -> Computer Status, view log.  Both on the screen and in the export of this report, there should now always be an entry for the SAV for Linux clients which are configured to send their logs to this SEPM.  In previous versions, this did not always work correctly.

There are very cool Mac and Linux enhancements planned for the next couple of releases of SEP.... stay tuned!  &: )

Mick  

With thanks and best regards,

Mick

John Santana's picture

Wow, that sounds cool, Mick.

I always wanted to manage the SAVFL from the SEPM because at the moment the SAVFL installed is sort of... standing by itself like an unmanaged SEP client.

Kind regards,

John Santana
IT Professional

Mick2009's picture

There are some very cool enhancements under development with regards to Linux.  I'm afraid that I cannot say more as to what is involved or when they are coming, but I have seen a demo.  It's going to make a lot of admins pretty happy.

In the meantime, definitely ensure those Linux machines are patched, have an AV like SAVFL, and are following best security practice with regards to configuration, passwords, and third party program patches/updates.  Symantec is aware of a number of recent threats that target this OS.  Security Response has blogged publicly about a few of them.  Other security news sources have covered others.

https://www-secure.symantec.com/connect/blogs/remote-linux-wiper-found-south-korean-cyber-attack

https://www-secure.symantec.com/connect/blogs/when-web-servers-serve-evil

All the best,

Mick

John Santana's picture

Wow that sounds promising, I'll stay tuned in this forum to get the latest update about the SAVFL client.

Kind regards,

John Santana
IT Professional

pete_4u2002's picture

It will still be unmanaged. In earlier versions of SEPM, generating a report did not give Linux information from the Linux reporter. RU3 has that fix.

Thumbs up to Mick for clarifying the doubt most of us have.

John Santana's picture

Yes, that is what I can see now from the SEPM console.

Thanks, Pete!

Kind regards,

John Santana
IT Professional

Jwelina's picture

Hello,

Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes

Article:DOC3474 | Created: 2010-12-15 | Updated: 2011-11-01 | Article URL http://www.symantec.com/docs/DOC3474

Ambesh_444's picture

Hi,

Please let me know if any more help is required.

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find the above information helpful or it has resolved your issue, please don't forget to mark the thread as solved."