Video Screencast Help

How to verify that client are take defintion from GUP

Created: 10 Oct 2012 • Updated: 11 Oct 2012 | 11 comments
This issue has been solved. See solution.

When we configured the GUP how we can verify that client are take defintion from GUP only not from SEPM.

Discussion Filed Under:

Comments 11 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Check this Article:

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/docs/TECH97190

I would also suggest you to check the Articles below which may interest you:

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

http://www.symantec.com/docs/TECH104539

Group Update Provider(GUP): Sizing and Scaling Guidelines

http://www.symantec.com/business/support/index?page=content&id=TECH95353&locale=en_US

SEP Content Distribution Monitor / GUP monitoring tool

http://www.symantec.com/business/support/index?page=content&id=TECH156558

GUP content monitoring tool video

https://www-secure.symantec.com/connect/videos/sep-content-distribution-monitor-introduction

and 

Link to download the SEP Content Distribution Monitor Utility 

https://www-secure.symantec.com/connect/downloads/sep-content-distribution-monitor

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Mithun Sanghavi's picture

Hello,

Yes, check this Article:

How to determine what content SEP 12.1 clients are downloading from a GUP?

http://www.symantec.com/docs/TECH188574

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Ashish-Sharma's picture

hi,

Check this artical

How to analyze Debug logs from GUP to determine which clients are taking definitions from GUP

https://www-secure.symantec.com/connect/articles/how-analyze-debug-logs-gup-determine-which-clients-are-taking-definitions-gup

Thanks In Advance

Ashish Sharma

 

 

Prem Yadav's picture

Thanks above given article are helpfull for raised issue.i having 1 more query related with GUP.

Q:when we configured a client as a GUP & kept in the same group where it serving as a GUP.My question is

GUP as a antivirus client it will take definition from SEPM or it will raised definition request through the GUP.

 

 

Mithun Sanghavi's picture

Hello,

The Group Update Provider was a feature request to support designating a particular client to serve as a computer that will get content updates and publish them. This is designed to provide functionality vaguely similar to configuring a legacy Symantec AntiVirus client as a secondary server.

A Group Update Provider is a client computer that receives updates from a management server. It then forwards the updates to the other client computers in the group. A Group Update Provider can update multiple groups.

The computer that is downloading and publishing the content is referred to as the “Group Update Provider.” The computers in the client group will use the designated “Group Update Provider” as a local proxy for content updates.

Note: Group Update Providers distribute all types of LiveUpdate content except client software updates. Group Update Providers also cannot be used to update policies.

Setting up a Group Update Provider is easier than setting up an internal LiveUpdate server. Group Update Providers are less resource-intensive and so reduce the load on the management servers.

This method is particularly useful for groups at remote locations with minimal bandwidth.

See Configuring Group Update Providers to distribute content .

Reference: 

http://www.symantec.com/docs/TECH102541

http://www.symantec.com/docs/HOWTO55172

http://www.symantec.com/docs/TECH96419

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ashish-Sharma's picture

hi,

The GUP will download definitions on-demand for itself and any clients configured to update through it. The GUP will cache all downloaded content according to the settings in its LiveUpdate policy. Clients that have been configured to use a GUP will download definitions directly from the GUP instead of SEPM. By this method, bandwidth is conserved. There must be sufficient bandwidth between the GUP and the SEPM to allow the GUP to download the full and delta definition packages being requested by SEP clients. The larger the spread of definition revisions used by the clients, the larger the bandwidth utilization between the SEPM and the GUP

Reference

http://www.symantec.com/business/support/index?page=content&id=TECH93813

Thanks In Advance

Ashish Sharma

 

 

SMLatCST's picture

A SEP client acting as a GUP will request/download content from itself.  If you look in the Client Management Log -> System logs on the GUP, you'll see logs like those below:

 

11/10/2012 10:50:57 Information Downloaded content from GUP <IPAddress>:2967
 
Where <IPAddress> is the GUP's own IP address.  I swiped this from my own test client.
.Brian's picture

You could run Wireshark on the GUP.

To see delta updates, set this display filter:

frame matches "\.[Dd][Aa][Xx]" && tcp.port==8014

To see full updates, set this display filter:

(frame matches "(?i)full.zip" ) && (tcp.srcport == 8014)

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ian_C.'s picture

@Prem Yadav Glad you found an answer to your question.

Another option would be to use SQL to query the database directly. See my post in the SQL query thread.

Please mark the post that best solves your problem as the answer to this thread.