Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

How to include the Linux client into the SEPM 12.1.3 reporting ?

Ambesh Sharma

Ambesh SharmaJun 20, 2013 12:33 AM

Hi, Please let me know if any more help required.

  • 1.  How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 17, 2013 07:54 PM

    As per https://www-secure.symantec.com/connect/blogs/whats-new-latest-symantec-endpoint-protection-sep-121ru3 I saw that there is supports now for SAV for Linux client reporting.

    Which SAVFL client version it is supported at the moment to report into the SEPM 12.1.3 server ?



  • 2.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?
    Best Answer

    Posted Jun 17, 2013 07:58 PM

    You need to use SAV for Linux Reporter:

    Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes

    Article:DOC3474  |  Created: 2010-12-15  |  Updated: 2011-11-01  |  Article URL http://www.symantec.com/docs/DOC3474

     

    Check the awesome article by Mick2009 on setting it up

    SAV for Linux: A (Somewhat) Illustrated Guide Part 4: SAVFL Reporter

    https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-4-savfl-reporter

    Per Mick's article:

    How to get SAVFL Reporter Working?

    Make sure that your SAVFL version is MR10 or above, and that you have Perl in place on the Linux machine.



  • 3.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 18, 2013 12:55 AM

    Thanks Brian, somehow I can only see that I have Symantec AntiVirus for Linux 1.0.14 from the release notes.

    Is that MR14 which is higher than MR10 as per Mick's article ?



  • 4.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?
    Best Answer

    Posted Jun 18, 2013 12:56 AM

    hello,

    Check this thread

    https://www-secure.symantec.com/connect/forums/savfl-sep-linux-status-check



  • 5.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 18, 2013 06:14 AM

    Hi John,

    Here's more details on the change that went into RU3:

    Linux clients are not included in the computer status details

    Fix ID: 2900287

    Symptom: Computer status logs are missing data about Symantec AntiVirus for Linux (SAVFL) clients. The exported logs do not contain Linux or Symantec AntiVirus (SAV) 10.x client information.

    Solution: Modified the computer status query to include entries for Linux and Symantec AntiVirus 10.x clients.

    On the SEPM, go to Monitors -> Logs -> Computer Status, view log.  Both on the screen and in the export of this report, there should now always be an entry for the SAV for Linux clients which are configured to send their logs to this SEPM.  In previous versions, this did not always work correctly.

    There are very cool Mac and Linux enhancements planned for the next couple of releases of SEP.... stay tuned!  &: )

    Mick  



  • 6.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 18, 2013 08:49 PM

    Wow, that sounds Cool Mick,

    I always wanted to manage the SAVFL from the SEPM because at the moment the SAVFL installed is sort of... standing by itself like unmanaged SEP client.



  • 7.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Broadcom Employee
    Posted Jun 18, 2013 09:29 PM

    it will be still unmanaged, in earlier version of SEPM generating report did not give linux information from linux reporter. RU3 has that fix.

    Thumbs up to Mick to claryfying the doubt most of us have.



  • 8.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?



  • 9.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 19, 2013 01:29 AM

    Hello,

    Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes

    Article:DOC3474  |  Created: 2010-12-15  |  Updated: 2011-11-01  |  Article URLhttp://www.symantec.com/docs/DOC3474

     



  • 10.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 19, 2013 04:51 AM

    There are some very cool enhancements under development with regards to Linux.  I'm afraid that I cannot say more as to what is involved or when they are coming, but I have seen a demo.  It's going to make a lot of admins pretty happy.

    In the meantime, definitely ensure those Linux machines are patched, have an AV like SAVFL, and are following best security practice with regards to configuration, passwords, and third party program patches/updates.  Symantec is aware of a number of recent threats that target this OS.  Security Response has blogged publically about a few of them.  Other security news sources have covered others.

    https://www-secure.symantec.com/connect/blogs/remote-linux-wiper-found-south-korean-cyber-attack

    https://www-secure.symantec.com/connect/blogs/when-web-servers-serve-evil

    All the best,

    Mick



  • 11.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 19, 2013 10:04 PM

    Wow that sounds promising, I'll stay tuned in this forum to get the latest update about the SAVFL client.



  • 12.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 19, 2013 10:06 PM

    Yes, that is what I can see now from the SEPM console.

    thanks Pete !



  • 13.  RE: How to include the Linux client into the SEPM 12.1.3 reporting ?

    Posted Jun 20, 2013 12:33 AM

    Hi,

    Please let me know if any more help required.