Endpoint Protection

Hello,

I would like to know how to create a custom report that lists all SEP clients with the Event Type "Failed to download from Group Update Provider".

When I go to SEPM (SEP 12 RU2) > Monitors > Log type: System, Log Content: Client Activity

I don't see the option under Event type to select "Failed to download from Group Update Provider". Instead, the closest I can get to filtering for this event type is to specify Event Source as "SYLINK"

In our environment we have over 1000 GUPs (SEP 11 RU7 MP1 ) for nearly 200K clients (Varying versions of SEP 11), so I really need a streamlined way to make sure all these clients are receiving defs from the GUPs

What you did is correct and probably the best you will get. Export to CSV and filter on the Description field.

Than you can quickly pull out the failures.

There is no way to filter on the description field in the SEPM reports

Wow, that's really inconvenient for the admin who has to go through reports to analyze events.

Anyway, I just created an idea for Symantec that will allow the users to specify what Event Type SEPM should filter out, rather than having the user export a very large csv (takes at least 15 minutes), load it onto their machine, then manually having to filter the events themselves.

https://www-secure.symantec.com/connect/ideas/allow-user-specify-event-type-system-reports-rather-selecting-limited-drop-down

+1 from me

Thumbs up to the above advice - this would be the proper way to do it. You can then set as well the desired Severity of the occurance - successful Sylink event will have "Information" severity.

I believe the failed events should have at least severity @Warning@ but cannot check it myself at the moment it would make sense though.

EDIT: have jsut contributed to the idea as well:D

Thanks guys!

Hi

Check out IT-Analytics. You can easily find what your looking for in the the client communication cube.

(I think that is what it was called).

Regards

Torb