Linux clients won't update definitions from SEPM/LUA 12.1.5

Chetan Savade


  • 1.  Linux clients won't update definitions from SEPM/LUA 12.1.5

    Posted Mar 03, 2015 03:36 AM

    I have SEPM 12.1.5 installed. I have a couple of Linux clients connected to SEPM.

    They have old definitions. Previously I updated the Linux clients via the unix.sh file, but because I installed an offline LUA server and I'm downloading "Avenge MicroDefs25 SavCorp10 Linux Virus Definitions", I expected that the Linux clients would be updated via this content. All Windows clients are up to date from the same source...

    Is that right thinking, or do I still have to continue with the unix.sh file installation on all Linux servers?

    Thanks for your answer.



  • 2.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Broadcom Employee
    Posted Mar 03, 2015 05:10 AM

    Hi,

    The enterprise version of Symantec Endpoint Protection now includes the Symantec Endpoint Protection client for Linux. The Symantec Endpoint Protection client for Linux replaces the Symantec AntiVirus client for Linux and supports a greater range of distributions and kernels. Added distributions include Red Hat Enterprise Linux Server (RHEL) 6.5 and CentOS 6.5.

    SEP for Linux clients can now be managed by an RU5 SEPM, or later. Configuration enhancements have been made to the SEPM to allow policy creation for managed Linux clients. This includes AV policy settings, centralized exceptions, and LiveUpdate settings. The SEPM also features enhanced reporting for Linux clients, including the SEP client version, host OS details, and hardware details.

    Note: SEPM cannot distribute content updates (Virus & Spyware) to the SEP Linux client. You need LUA or an Internet LiveUpdate server.

    Make sure the policy is assigned correctly to point clients to LUA.



  • 3.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Broadcom Employee
    Posted Mar 03, 2015 05:17 AM

    In Symantec Endpoint Protection (SEP) 12.1.4 (12.1 RU4) and later, you have at least two options for downloading LiveUpdate (LU) content to Symantec Endpoint Protection clients for Mac and Linux.

    1. Use Symantec LiveUpdate Administrator 2.x (LUA 2.x).  This is the best option for installations with larger numbers of Mac and/or Linux computers.
       
    2. For smaller installations, configuring the Apache Web server as a reverse proxy works well. This enables the Apache Web server installed along with Symantec Endpoint Protection Manager (SEPM) to download and cache the LU content for Mac and Linux clients locally whenever new content is published. This results in saving of external network bandwidth.

    Check these articles for more details:

    Configuring Symantec Antivirus for Linux (SAVFL) to download definitions from the Distribution Center of an internal LiveUpdate Administrator (LUA) 2.x Server

    http://www.symantec.com/docs/TECH93505

    Enabling Mac and Linux clients to download LiveUpdate content using the Apache Web server as a reverse proxy

    http://www.symantec.com/docs/HOWTO85034



  • 4.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Broadcom Employee
    Posted Mar 03, 2015 06:35 AM

    Hi,

    You are downloading the correct file, "Avenge MicroDefs25 SavCorp10 Linux Virus Definitions". But have you replaced the LiveUpdate host file?

    A liveupdt.hst file can be exported from the LUA 2.x graphical user interface. The client settings file can point to one or more LUA 2.x Distribution servers. The list can include both primary servers and failover servers. LiveUpdate will attempt to connect to the servers in the order that they are listed.

    To generate a host file for Java LiveUpdate clients:

    1. Click the Configure tab, and then click Client Settings.
    2. Select the Distribution Center for which you wish to create a host file, and then click Export Java Settings.
    3. Click Save.
    4. Select the location to save the file, and then click Save.
    5. The file for Java LiveUpdate clients should be saved as liveupdt.hst. It can then be copied to the SAVFL client's working directory, which by default should be /tmp.

    See this article for more details: http://www.symantec.com/docs/TECH93505

    If the issue still occurs, then to identify the exact issue you require environmental and troubleshooting information. LiveUpdate Administrator enables you to collect the troubleshooting information in an luadebuginfo.zip file. You can generate this file and send it to Symantec Technical Support to identify the root cause of the issue.

    To generate the troubleshooting file:
    1. On the LiveUpdate Administrator user interface, click Troubleshoot.
    2. Click Begin.
    3. Click Save.
    4. Select the location in your system where you want to save this file, and then click Save.


  • 5.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Posted Mar 03, 2015 08:18 AM

    Hi Chetan.

    Thanks for your response, but this is not a clear answer from you.

    As I wrote in my post, I have SEP 12.1.5 installed. So Linux clients are managed by SEPM.

    I have the LUA server configured and I'm downloading Avenge MicroDefs25 SavCorp10 Linux Virus Definitions.

    Linux clients are installed with the new rpm package Linux - SEP version 12.1.5337.5000 created from SEPM.

    But all Linux clients are not updated from the LUA server.

    I configured LiveUpdate policy -> Linux settings to download definitions from the internal LiveUpdate server.

    But they are still on the old definitions...no update at all.



  • 6.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Posted Mar 05, 2015 03:50 AM

    I copied the liveupd.hst file to a test machine....

    Nothing happened.

    I tried to update it manually. See status:

    [root@hostname symantec_antivirus]# ./sav liveupdate -u
    Command failed: Failure in pre processing of micro definitions before update.
    Unable to perform update
    [root@hostname symantec_antivirus]#
    Mar 5, 2015 9:42:26 AM Connected to xxx.xxx.xxx.xxx sending request ...
    Mar 5, 2015 9:42:26 AM Waiting for response ...
    Mar 5, 2015 9:42:26 AM
    Mar 5, 2015 9:42:26 AM The Java LiveUpdate session has completed successfully.
    Mar 5, 2015 9:42:26 AM Return code = 0
    Mar 5, 2015 9:42:26 AM


  • 7.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Posted Mar 05, 2015 06:24 AM

    Additional information:

    [root@hostname symantec_antivirus]# ./sav liveupdate -u
    1.000000%
    2.000000%
    4.000000%
    5.000000%
    7.000000%
    8.000000%
    10.000000%
    11.000000%
    13.000000%
    14.000000%
    16.000000%
    17.000000%
    19.000000%
    20.000000%
    22.000000%
    23.000000%
    25.000000%
    26.000000%
    27.000000%
    29.000000%
    30.000000%
    32.000000%
    33.000000%
    35.000000%
    36.000000%
    38.000000%
    39.000000%
    41.000000%
    42.000000%
    44.000000%
    45.000000%
    47.000000%
    48.000000%
    50.000000%
    Command failed: Failure in post processing of micro definitions during update.
    Unable to perform update



  • 9.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5
    Best Answer

    Posted Mar 05, 2015 06:41 AM

    Second try....

    [root@hostname symantec_antivirus]# ./sav liveupdate -u
    1.000000%
    2.000000%
    4.000000%
    5.000000%
    7.000000%
    8.000000%
    10.000000%
    11.000000%
    13.000000%
    14.000000%
    16.000000%
    17.000000%
    19.000000%
    20.000000%
    22.000000%
    23.000000%
    25.000000%
    26.000000%
    27.000000%
    29.000000%
    30.000000%
    32.000000%
    33.000000%
    35.000000%
    36.000000%
    38.000000%
    39.000000%
    41.000000%
    42.000000%
    44.000000%
    45.000000%
    47.000000%
    48.000000%
    50.000000%
    51.000000%
    52.000000%
    52.000000%
    54.000000%
    54.000000%
    55.000000%
    57.000000%
    58.000000%
    60.000000%
    61.000000%
    61.000000%
    63.000000%
    63.000000%
    64.000000%
    64.000000%
    66.000000%
    66.000000%
    67.000000%
    69.000000%
    69.000000%
    70.000000%
    72.000000%
    72.000000%
    73.000000%
    73.000000%
    75.000000%
    76.000000%
    76.000000%
    77.000000%
    77.000000%
    79.000000%
    79.000000%
    80.000000%
    80.000000%
    82.000000%
    82.000000%
    83.000000%
    83.000000%
    85.000000%
    85.000000%
    86.000000%
    86.000000%
    88.000000%
    88.000000%
    89.000000%
    89.000000%
    91.000000%
    91.000000%
    92.000000%
    92.000000%
    94.000000%
    94.000000%
    95.000000%
    95.000000%
    97.000000%
    97.000000%
    98.000000%
    99.000000%
    [root@hostname symantec_antivirus]#
     
     
    logs:
     
    Mar 5, 2015 12:30:46 PM Making /opt/Symantec/LiveUpdate/tmp/1425555008281/1425555031466/navuphub.dis executable ...
    Mar 5, 2015 12:30:46 PM Running /opt/Symantec/LiveUpdate/tmp/1425555008281/1425555031466/navuphub.dis ...
    Mar 5, 2015 12:30:47 PM Downloading f205_312456A43395CA02F6367F348CDf206_S00 to /opt/Symantec/symantec_antivirus/f205_312456A43395CA02F6367F348CDf206_S00 ...
    Mar 5, 2015 12:30:47 PM Connecting to XXX.XXX.XXX.XXX via HTTP ...
    Mar 5, 2015 12:30:47 PM Connected to XXX.XXX.XXX.XXX sending request ...
    Mar 5, 2015 12:30:47 PM Waiting for response ...
    Mar 5, 2015 12:30:47 PM
    Mar 5, 2015 12:30:47 PM The Java LiveUpdate session has completed successfully.
    Mar 5, 2015 12:30:47 PM Return code = 0
    Mar 5, 2015 12:30:47 PM
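
The `./sav liveupdate -u` runs posted above differ only in the command's own output, while the Java LiveUpdate log excerpts quoted with both a failed run and the successful run end in `Return code = 0`. As an added example (not from the thread or from Symantec), this shell function classifies captured command output by failure stage and last progress value; the function name, the result strings and the shortened sample runs are constructed for illustration.

```shell
#!/bin/sh
# Classify captured output of `./sav liveupdate -u` read from stdin.
# Prints "ok <pct>", "failed <stage> <pct>" or "unknown none".
# Assumption: only the messages quoted in the thread mark a failure; the
# command's exit status is not shown there, so it is not used here.
classify_liveupdate_run() {
    awk '
        # Progress lines look like "50.000000%"; keep the integer part.
        /^[ \t]*[0-9]+\.[0-9]+%[ \t\r]*$/ {
            pct = $1; sub(/\..*/, "", pct); last = pct; next
        }
        /Command failed:/ {
            failed = 1
            if ($0 ~ /pre processing/)       stage = "pre-processing"
            else if ($0 ~ /post processing/) stage = "post-processing"
        }
        /Unable to perform update/ { failed = 1 }
        END {
            if (last == "")  last = "none"
            if (stage == "") stage = "unknown"
            if (failed)              printf "failed %s %s\n", stage, last
            else if (last == "none") print "unknown none"
            else                     printf "ok %s\n", last
        }'
}

# Constructed samples, shortened from the output quoted in the thread.
sample_pre='Command failed: Failure in pre processing of micro definitions before update.
Unable to perform update'
sample_post='48.000000%
50.000000%
Command failed: Failure in post processing of micro definitions during update.
Unable to perform update'
sample_ok='97.000000%
98.000000%
99.000000%'

for s in "$sample_pre" "$sample_post" "$sample_ok"; do
    printf '%s\n' "$s" | classify_liveupdate_run
done
```

Output with no progress lines and no failure message is reported as `unknown none` rather than `ok`, so an empty capture is not mistaken for a successful update.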
     


  • 10.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Broadcom Employee
    Posted Mar 05, 2015 06:54 AM
    You mean it worked on the second attempt?


  • 11.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Posted Mar 06, 2015 04:47 AM

    Yes...strange, but it works...

    Now everything is OK, just the updates take quite a lot of space on Linux machines!

    Two days ago 2GB of updates...yesterday 1GB....

    How can I purge old updates from "/opt/Symantec/virusdefs/" on Linux systems?

    I found this article: https://www-secure.symantec.com/connect/forums/liveupdate-consumes-too-much-disk-space

    But it is a cleaning procedure. I want to set up a size limit on the Linux host or on LUA for Linux machines. Is it possible?

    Thanks.



  • 12.  RE: Linux clients won't update definitions from SEPM/LUA 12.1.5

    Posted Mar 10, 2015 05:00 AM

    I found that purging can be set up in LUA and it works for Linux clients, I think.

    I set it to purge updates older than 3 revisions back and it seems that the Linux client really follows that.

    I have a maximum of 2.9 GB of Symantec definitions on the Linux host.