Endpoint Protection

 View Only

  • 1.  SEPM LiveUpdates Filling Event Log

    Posted Nov 16, 2007 11:39 AM
    Is there a way to do one of the following:

    1. Stop the LiveUpdate service from starting and stopping every minute?  Or decrease the interval?
     
    -or-
     
    2. If #1 is not possible, decrease or disable Event Logging?  The LiveUpdate service is spamming my event logs!
     
    Thanks.


  • 2.  RE: SEPM LiveUpdates Filling Event Log

    Posted Nov 18, 2007 09:37 PM
    i am have the same live update problem with sep 11.0 any help would be appreciated


  • 3.  RE: SEPM LiveUpdates Filling Event Log

    Posted Nov 19, 2007 07:14 PM
    Hi,
     
    This is a known product issue and is scheduled to be resolved in Maintainance Release 1 which is targeted to become available some time between mid to late December 07.
     
    Two potential steps that can ease the logging are:
     
    1) The log entries are directly tied to a specific Liveupdate plugin which can run at every Symantec Endpoint Protection client heartbeat interval by default. This interval is configured in the console on the Clients page, highlight the group, click Policies tab, then click Communication Settings. Note, increasing the value will decrease the frequency with which you receive these Liveupdate log entries but you also need to be aware that it will also decrease the frequency with which you receive logging from the client.
     
    2) You can schedule Liveupdate to automatically download definitions once per day.  This will cause the LiveUpdate service to make entries to the System Event Log every four hours (18 entries per day in all, rather than hundreds.)
     
    I realise this is far from ideal, but like I said, we are very much aware of this issue and will be delivering a fix soon.


  • 4.  RE: SEPM LiveUpdates Filling Event Log

    Posted Nov 20, 2007 09:58 AM

    GrahamA wrote:
     
    2) You can schedule Liveupdate to automatically download definitions once per day.  This will cause the LiveUpdate service to make entries to the System Event Log every four hours (18 entries per day in all, rather than hundreds.)
     
    I realise this is far from ideal, but like I said, we are very much aware of this issue and will be delivering a fix soon.

    This isn't true.  I have our server set to update at 3am and there are still hundreds of events in the log.  I have 4 clients iin my test setup and I have 1-2 starts/minute.


  • 5.  RE: SEPM LiveUpdates Filling Event Log

    Posted Nov 20, 2007 10:23 AM
    Graham's fix seemed to work in our environment.  I have set ALL groups including global to check every 4 hours for updates via the LiveUpdate policy.  I see:
     
    LiveUpdate started and stopped at 11:33p
    LiveUpdate started and stopped at   3:33a
    LiveUpdate started and stopped at   7:33a
     
    Works here.  I also decreased the client heartbeat to 15 minutes for remote sites.
     


  • 6.  RE: SEPM LiveUpdates Filling Event Log

    Posted Nov 20, 2007 07:06 PM
    Hi Ned,
     
    Sorry to hear the suggested changes didn't help for you. I know they have for most who were affected, including Mike on this thread. Suggest you call support if possible, and they can assist you with verifying the issue and workaround.
     
    Note also, as mentioned, this should be fixed in MR1, due mid-late Dec'07.


  • 7.  RE: SEPM LiveUpdates Filling Event Log

    Posted Nov 21, 2007 10:32 AM
    Ned -
     
    I too was a little confused as to where ONE goes to actually change the value of how often the SEPM server updates.  So many LiveUpdate tabs, so little time :smileytongue:
     
    What do you have in:
    -SEPM Console
    -Admin
    -Servers
    -Right-click Local Site, Properties
    Select the "LiveUpdate" tab
     
    10 bucks says that yours is set to "Continuous".  I have mine set to run from 8:00pm-3:00am, outside working hours...