Video Screencast Help
Search Video Help Close Back
to help

Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

Created: 29 Jan 2013 | Updated: 04 Feb 2013 | 10 comments
RSASKA's picture
RSASKA
0 0 Votes
Login to vote
This issue has been solved. See solution.

Can you refresh my memory?

 

I am trying to set up logging on our GUP (SEP 11 RU7 MP1) to determine whether it is communicating with SEP client so it will receive AV definition from GUP rather than SEPM.

 

Thanks!!!

 

Discussion Filed Under:
, ,

Comments 10 CommentsJump to latest comment

SebastianZ's picture
SebastianZ Symantec Employee
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

If enabling the debug on GUP - you should see the defs requests from SEP clients received by GUP:

http://www.symantec.com/business/support/index?pag...

([HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC]
"smc_debuglog_on"=dword:00000001) with output file - debug.log

...this will show you as well all clients connecting to GUP and overview over what is being requested.

 

Sylink (http://www.symantec.com/business/support/index?pag...) is best to see it from the other side - from SEP client requesting updates from GUP.

SOLUTION
0
Login to vote
  • Actions
SMLatCST's picture
SMLatCST Partner Accredited
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

You mean these articles?

http://www.symantec.com/docs/TECH97190

http://www.symantec.com/docs/TECH188574

http://www.cstl.com/

0
Login to vote
  • Actions
Brian81's picture
Brian81 Trusted Advisor
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

Turn on sylink debugging

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2012-08-20  |  Article URL http://www.symantec.com/docs/TECH104758

 

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
  • Actions
RSASKA's picture
RSASKA
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

SebastianZ, One important thing I forgot to add is that we have no access to the 200+ clients in our environment. We can only access SEPM and the 1500 GUPs

Marriage Made in Heaven

If God is for us, who can be against us? --- Romans 8:31

0
Login to vote
  • Actions
Brian81's picture
Brian81 Trusted Advisor
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

You can enable on the GUPs or use a tool like Wireshark to watch the traffic.

SEP Knowledge Base

Endpoint SWAT

+1
Login to vote
  • Actions
pete_4u2002's picture
pete_4u2002 Symantec Employee
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

debug log on GUP will help to know if the definition sent to client.

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
  • Actions
RSASKA's picture
RSASKA
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

Ahhhhhh Brian, I am beginning to appreciate wireshark as well :-)

Marriage Made in Heaven

If God is for us, who can be against us? --- Romans 8:31

+1
Login to vote
  • Actions
Brian81's picture
Brian81 Trusted Advisor
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

Best FREE! tool out there for watching traffic yes

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
  • Actions
SebastianZ's picture
SebastianZ Symantec Employee
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:29 Jan 2013 : Link

RSASKA, have you considered those:

https://www-secure.symantec.com/connect/articles/h...

https://www-secure.symantec.com/connect/videos/sep...

...may give you some more visibility over the GUPs as you have quite many of them:D

0
Login to vote
  • Actions
RSASKA's picture
RSASKA
Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients - Comment:04 Feb 2013 : Link

Sebastian had the solution, although wireshark is very very powerful also!!!

Marriage Made in Heaven

If God is for us, who can be against us? --- Romans 8:31

0
Login to vote
  • Actions