Endpoint Protection

 View Only

  • 1.  SEP 11RU5 & Symantec AV 10.x log files.

    Posted May 10, 2010 12:34 PM
    Hi,

    I am considering implementing this solution where 70,000 Sav clients start to report into SEP.   Can anyone tell me how to do this or point me to any documentation?  Does any software need to be loaded onto the Primary and Secondary servers?  How much of an additional load will be added to the SEPM / SQL DB.  Any help would be greatly appreciated.


  • 2.  RE: SEP 11RU5 & Symantec AV 10.x log files.

    Posted May 10, 2010 12:53 PM

    This setting is located in preferences on the Home page of SEPM, at the
    bottom of the "Logs and Reports" panel.

     


  • 3.  RE: SEP 11RU5 & Symantec AV 10.x log files.

    Posted May 10, 2010 01:29 PM
    Yes Sandip thanks for this, what must I do to sav the 10 primary and secondary servers in order to forward the data please?


  • 4.  RE: SEP 11RU5 & Symantec AV 10.x log files.
    Best Answer

    Posted May 10, 2010 01:42 PM
    From the SSC - Right-click your Primary -> All Tasks -> Reporting Configuration -> Configure Reporting Server

    Put in  http://<Server IP>:8014/Reporting  8014 is the default port so if you changed it then you need to change it here.  Depending on how you have things setup, this setting should propogate to you secondary servers.

    If you have reporting agents installed you can do it a different way.  Also if you have AMS admin Utility installed, you can use it but the above is the fastest and simplest.

    The issue I think you are going to have is that 70,000 clients is alot to ask of your sepm.  It does put an extra load on your SEPM.  Also if you plan on going to 11.0.6a, we had an issue with SAV10 clients reporting to the SEPM and had to stop it.  It seems the latest version does not handle SAV10 reporting very well.


  • 5.  RE: SEP 11RU5 & Symantec AV 10.x log files.

    Posted May 10, 2010 02:36 PM
    Just what I was looking for,  what is the issue with RU6a?  I am still using RU5 and I understand there will be an additional load on the SEPM and currently we have 8 at present.  Thanks for your help.


  • 6.  RE: SEP 11RU5 & Symantec AV 10.x log files.

    Posted May 10, 2010 03:17 PM

    When we upgraded to 11.0.6a, we started getting many PHP process and between them, they would consume the CPU.  Once we turned it off Sav10 reporting, CPU usage went back to normal. 



  • 7.  RE: SEP 11RU5 & Symantec AV 10.x log files.

    Posted May 10, 2010 05:08 PM
    We have seen some people set up a 'dedicated reporting server'.
    For things like this, they setup a site partner which no clients connect to and the server doesn't replicate. All it does is process things like logs.
    Depending on your resources that may or may not be a steep solution.


  • 8.  RE: SEP 11RU5 & Symantec AV 10.x log files.

    Posted May 13, 2010 05:06 AM

    Hi, does the SEPM support SAV 9.x logs?  Where are these logs stored when the are sent to the SEPM? I know in sav 10 I had to manually archive log files, so do we need to do the same on the SEPM? Or are the Sav logs added to the SEP database?

    Thanks for your help.



  • 9.  RE: SEP 11RU5 & Symantec AV 10.x log files.

    Posted May 13, 2010 09:55 PM
    SEPM stores all logs in the database.
    These logs can get large. SEPM has mechanisms to handle sweeping the oldest logs and such. Most options can be configured from the Admin --> Server --> (Click on your local site) --> Tasks: Edit Site Properties --> Log Settings tab.