Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

HOWTO - Custom Report for "Failed to download from Group Update Provider"

Created: 17 Jan 2013 | 6 comments

Hello,

I would like to know how to create a custom report that lists all SEP clients with the Event Type "Failed to download from Group Update Provider".

When I go to SEPM (SEP 12 RU2) > Monitors > Log type: System, Log Content: Client Activity

I don't see the option under Event type to select "Failed to download from Group Update Provider". Instead, the closest I can get to filtering for this event type is to specify Event Source as "SYLINK"

In our environment we have over 1000 GUPs (SEP 11 RU7 MP1 ) for nearly 200K clients (Varying versions of SEP 11), so I really need a streamlined way to make sure all these clients are receiving defs from the GUPs wink

Comments 6 CommentsJump to latest comment

.Brian's picture

What you did is correct and probably the best you will get. Export to CSV and filter on the Description field.

Than you can quickly pull out the failures.

There is no way to filter on the description field in the SEPM reports

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

RSASKA's picture

Wow, that's really inconvenient for the admin who has to go through reports to analyze events.

Anyway, I just created an idea for Symantec that will allow the users to specify what Event Type SEPM should filter out, rather than having the user export a very large csv (takes at least 15 minutes), load it onto their machine, then manually having to filter the events themselves.

https://www-secure.symantec.com/connect/ideas/allow-user-specify-event-type-system-reports-rather-selecting-limited-drop-down

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

.Brian's picture

+1 from me

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

Thumbs up to the above advice - this would be the proper way to do it. You can then set as well the desired Severity of the occurance - successful Sylink event will have "Information" severity.

I believe the failed events should have at least severity @Warning@ but cannot check it myself at the moment it would make sense though.

EDIT: have jsut contributed to the idea as well:D

RSASKA's picture

Thanks guys!

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

TORB's picture

Hi

Check out IT-Analytics. You can easily find what your looking for in the the client communication cube.

(I think that is what it was called).

Regards

Torb