Endpoint Protection


Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

  • 1.  Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Jan 29, 2013 10:18 AM

    Can you refresh my memory?

     

    I am trying to set up logging on our GUP (SEP 11 RU7 MP1) to determine whether it is communicating with the SEP client so it will receive AV definitions from the GUP rather than SEPM.

     

    Thanks!!!

     



  • 2.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Jan 29, 2013 10:26 AM

    Turn on sylink debugging

    How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

    Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2012-08-20  |  Article URL http://www.symantec.com/docs/TECH104758

     



  • 3.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Jan 29, 2013 10:27 AM

    You mean these articles?

    http://www.symantec.com/docs/TECH97190

    http://www.symantec.com/docs/TECH188574



  • 4.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients
    Best Answer

    Posted Jan 29, 2013 10:33 AM

    If you enable debugging on the GUP, you should see the defs requests from SEP clients received by the GUP:

    http://www.symantec.com/business/support/index?page=content&id=TECH102412

    ([HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC]
    "smc_debuglog_on"=dword:00000001) with output file - debug.log

    ...this will also show you all clients connecting to the GUP and an overview of what is being requested.

     

    Sylink (http://www.symantec.com/business/support/index?page=content&id=TECH104758) is best to see it from the other side - from SEP client requesting updates from GUP.



  • 5.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Jan 29, 2013 10:39 AM

    SebastianZ, one important thing I forgot to add is that we have no access to the 200+ clients in our environment. We can only access SEPM and the 1500 GUPs.



  • 6.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Jan 29, 2013 10:40 AM

    You can enable it on the GUPs or use a tool like Wireshark to watch the traffic.



  • 7.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Broadcom Employee
    Posted Jan 29, 2013 10:43 AM
    The debug log on the GUP will help you know if the definition was sent to the client.


  • 8.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Jan 29, 2013 10:44 AM

    Ahhhhhh Brian, I am beginning to appreciate Wireshark as well :-)



  • 9.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Jan 29, 2013 10:46 AM

    Best FREE! tool out there for watching traffic, yes.



  • 10.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Jan 29, 2013 01:21 PM

    RSASKA, have you considered these:

    https://www-secure.symantec.com/connect/articles/how-can-we-check-which-content-sep-121-clients-are-downloading-gup

    https://www-secure.symantec.com/connect/videos/sep-content-distribution-monitor-introduction

    ...may give you some more visibility over the GUPs, as you have quite a lot of them :D



  • 11.  RE: Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

    Posted Feb 04, 2013 09:25 AM

    Sebastian had the solution, although Wireshark is very very powerful also!!!