Endpoint Protection

  • 1.  Need some Information on these two

    Posted Mar 02, 2015 08:48 AM

    Hello everyone, I need some information/recommendations on the two points below and would really appreciate your help.

    1. In SEP 12 RU5, if I set the content revisions to 90, how much disk space would it use? Would the space it occupies be much less (as RU5 has content optimizations)? This is basically a fresh installation; the content revision size was set to 30 earlier, but for some reasons I have now increased it to 90.

    2. This point is all about troubleshooting on either the SEPM or the SEP endpoint. Basically, I want to know, in case of various issues or problems on the SEPM or SEP endpoint, which are the most common/well-known logs that we need to look at or analyze to troubleshoot or diagnose the problem.

    For endpoints I know it's the famous SymHelp tool (any other?).

    What about SEPM? I would really appreciate it if anyone could tell me which log identifies what, and its location.

    Thanks in advance. Regards



  • 2.  RE: Need some Information on these two

    Posted Mar 02, 2015 10:20 AM

    No one ?



  • 3.  RE: Need some Information on these two

    Posted Mar 02, 2015 10:25 AM

    Same here. Keeping 90 revs for 64 bit virus and spyware and it's about 1.65 GB

    Yes, symhelp tool is the way to go. It can handle all troubleshooting issues to start.



  • 4.  RE: Need some Information on these two

    Posted Mar 02, 2015 10:38 AM

    1. In this document Symantec claims that 55 GB of content are shrinking to 2 GB in 12.1.5 (30 content versions). If you have 90 content versions and both 32-bit and 64-bit content (180 versions altogether), that will be more than 200 GB prior to 12.1.5 but perhaps only 10 or 12 GB in 12.1.5. The SEPM saves only one full content revision; the other 89 revisions are realized as delta files, which are very small in most cases. However, if your SEPM fails to update itself for some time, the delta files will grow in size. You will definitely use less disk space with 90 versions in 12.1.5 than with 30 versions in previous SEP versions.

    2. First of all, check Monitors > Logs. There is a lot of more or less useful information there. Just an example: under Log type: System > Log content: Server Activity > Event Type: [What you want] you get a customized part of the SEPM log.

    Some other important SEPM logs:

    Log               Location                               Description
    SEPM_inst.log     %TEMP%                                 SEPM installation log
    scm-server-0.log  <SEPM directory>\tomcat\logs           current SEPM issues
    catalina.out      <SEPM directory>\tomcat\logs           tomcat issues
    Log.LiveUpdate    C:\ProgramData\Symantec\LiveUpdate     LiveUpdate

    BTW, SymHelp checks the SEPM as well as the client.

    Under <SEPM directory>\Tools you can find the collectlog.cmd script which is able to collect nearly all SEPM related logs.

    HTH!



  • 5.  RE: Need some Information on these two

    Posted Mar 02, 2015 11:36 AM

    Thanks for your reply, Brian. What about SEPM logs and their description? Regards



  • 6.  RE: Need some Information on these two

    Posted Mar 02, 2015 11:39 AM

    Hello Greg, thanks for your reply. When we did the installation of SEPM 12 RU5 we set the content revisions to 30 initially (no upgrade has been performed), so that's why I asked, since I have now increased content revisions to 90. How much would the SEPM consume now?

    Regarding the logs, thanks for sharing them. Apart from SEPM, are there any major logs I also need to look into for the issues? Regards



  • 7.  RE: Need some Information on these two

    Posted Mar 02, 2015 11:48 AM

    These articles go into some depth on the different kinds of logs to look through:

    How to debug the Symantec Endpoint Protection Manager

    How to debug the Symantec Endpoint Protection client



  • 8.  RE: Need some Information on these two

    Posted Mar 02, 2015 12:27 PM

    when we did the installation of SEPM 12 RU5 we set the content revisions to 30 initially (no upgrade has been performed), so that's why I asked, since I have now increased content revisions to 90. How much would the SEPM consume now?

    The difference between 30 and 90 revisions is nearly negligible compared to pre-12.1.5 versions. It's very difficult to give concrete numbers as the size of delta files varies. For example, a SEPM updating daily is producing larger delta files than a SEPM updating every 4 hours. The latter is able to download all 3 AV/AS content versions Symantec is providing daily, so the differences between the single content versions are smaller.

    Let's do a worst (well, bad) case calculation for 32-bit and 64-bit AV/AS content (2 * 60 versions). One delta file may be 3 MB in size. One version needs two delta files (one pointing forward, one pointing backwards). So you need only 60 * 2 * 2 * 3 MB = 720 MB (!) for increasing the content versions number from 30 to 90. That's far less than one single full content version and matches Brian's microscopically small content size mentioned in his post.

    Just look into your <SEPM>\Inetpub\content folder and search for subfolders starting with "{535C" or "{07B" (32-bit and 64-bit AV/AS content). Search for .dax files (deltas) there and do the math.

    Regarding the logs, thanks for sharing them. Apart from SEPM, are there any major logs I also need to look into for the issues?

    What particular issues do you mean?
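
One way to "do the math" suggested in the reply above, as an added example that is not part of the original thread: it totals the .dax delta files under the content subfolders whose names start with the two prefixes quoted in the post and sets the result beside the post's 720 MB estimate. The `-ContentRoot` parameter and the report column names are assumptions made for this example; pass your own `<SEPM>\Inetpub\content` path.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0 or later.
# -ContentRoot is an assumption: pass your own <SEPM>\Inetpub\content path.
param(
    [Parameter(Mandatory = $true)]
    [string]$ContentRoot
)

# Folder-name prefixes quoted in the thread (32-bit and 64-bit AV/AS content).
$prefixes = '{535C', '{07B'

if (-not (Test-Path -LiteralPath $ContentRoot -PathType Container)) {
    throw "Content folder not found: $ContentRoot"
}

$report = @(foreach ($dir in Get-ChildItem -LiteralPath $ContentRoot -Directory) {
    # Plain string comparison, so '{' is never treated as a wildcard pattern.
    $isAvContent = $false
    foreach ($p in $prefixes) {
        if ($dir.Name.StartsWith($p, [System.StringComparison]::OrdinalIgnoreCase)) {
            $isAvContent = $true
        }
    }
    if (-not $isAvContent) { continue }

    # Recurse through the revision folders; the extension check drops files
    # such as *.daxx that the provider-level -Filter can also return.
    $dax = @(Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Filter '*.dax' |
        Where-Object { $_.Extension -eq '.dax' })
    $bytes = [long]0
    foreach ($f in $dax) { $bytes += $f.Length }

    [pscustomobject]@{
        Folder     = $dir.Name
        DeltaFiles = $dax.Count
        TotalMB    = [math]::Round($bytes / 1MB, 1)
        AvgDeltaMB = if ($dax.Count) { [math]::Round($bytes / $dax.Count / 1MB, 2) } else { 0 }
    }
})

$report | Format-Table -AutoSize

# The thread's bad-case estimate for going from 30 to 90 revisions:
# 60 extra revisions x 2 content types x 2 deltas each x 3 MB per delta.
$estimateMB = 60 * 2 * 2 * 3
$measuredMB = 0
foreach ($r in $report) { $measuredMB += $r.TotalMB }
"Measured delta total: {0} MB; thread's estimate for 60 extra revisions: {1} MB" -f $measuredMB, $estimateMB
```

An AvgDeltaMB well above the 3 MB assumed in the estimate suggests the SEPM is updating infrequently, which the reply above names as the cause of larger delta files.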



  • 9.  RE: Need some Information on these two

    Posted Mar 02, 2015 01:08 PM

    Thanks for your brief reply, Greg. By logs I mean... policies not being pushed to the clients, clients with no policy numbers, endpoints not forwarding their logs to the SEPMs though they are connected. Login issues, response being slow, etc.

    Regards



  • 10.  RE: Need some Information on these two