Endpoint Protection

  • 1.  Importing Symantec summarized log information into another solutions DB

    Posted Jul 03, 2015 08:51 AM

    Hi,

    I was wondering what would be the most efficient way to import summarized log information from SEPM into a 3rd party software/DB that I would like to create.

    For example, I would like to pull the amount of stations on which an agent is installed, amount of total stations scanned in a period of time, total malware found, total removed etc. 

    How can I learn where exactly this information is at and the best way to import it? 

    Is there a development kit which I can use with logs for example I can use in order to test what I developed?

    Is there an automated way to do it with the Symantec solution without extra development?

    Is there a list of data someplace at managerial level which I can use in order to see which data is ready for import?

    Is it working the same with other Symantec security solutions, such as NAC for example? Is the reporting technology similar?

    I would like to import only very specific data which I can use for management reports for end of quarter, for example. Maybe some automated reports exist? If yes, is it possible to get a developers kit in order to use them?

    Thank you for your answers!



  • 2.  RE: Importing Symantec summarized log information into another solutions DB

    Posted Jul 03, 2015 09:04 AM

    "IT Analytics" is a reporting tool which is included in the product's tools download.

    Refer to the following links for further details.

    https://www-secure.symantec.com/connect/articles/it-analytics-71-faq-and-resources

    https://www-secure.symantec.com/connect/articles/it-analytics-symantec-endpoint-protection-glossary-terms

     

    Please let me know if this is helpful.



  • 3.  RE: Importing Symantec summarized log information into another solutions DB

    Posted Jul 03, 2015 09:32 AM

    The easiest way I can think of to do this is to utilise the External Logging feature on the SEPM to send a feed to a Syslog server:

    http://www.symantec.com/docs/HOWTO27261

    It's exactly the same for the EOL SNAC product, which also uses the SEP Client.  You get filtering options to choose what you want to send to syslog too.

    Otherwise, you're looking at options like that mentioned by Seyad, or potentially doing it yourself by picking through the DB Schema and grabbing the info out of the DB.



  • 4.  RE: Importing Symantec summarized log information into another solutions DB

    Posted Jul 03, 2015 11:01 AM

    Is there a developers kit that can be used for development and testing?

    We don't have the Symantec solution installed in our company. But we would like to learn to import the data anyway.

    Thanks!



  • 5.  RE: Importing Symantec summarized log information into another solutions DB

    Posted Jul 03, 2015 11:13 AM

    If it's just data extraction you're after, then the DB schema article below should be all you need:

    http://www.symantec.com/docs/DOC8633

    After that it's just SQL scripts to grab whatever you want from it.