Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Sylink logging or Sylink Monitoring to determine if GUP is sending AV defs to clients

Created: 29 Jan 2013 • Updated: 04 Feb 2013 | 10 comments
This issue has been solved. See solution.

Can you refresh my memory?

 

I am trying to set up logging on our GUP (SEP 11 RU7 MP1) to determine whether it is communicating with SEP client so it will receive AV definition from GUP rather than SEPM.

 

Thanks!!!

 

Comments 10 CommentsJump to latest comment

SebastianZ's picture

If enabling the debug on GUP - you should see the defs requests from SEP clients received by GUP:

http://www.symantec.com/business/support/index?pag...

([HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC]
"smc_debuglog_on"=dword:00000001) with output file - debug.log

...this will show you as well all clients connecting to GUP and overview over what is being requested.

 

Sylink (http://www.symantec.com/business/support/index?pag...) is best to see it from the other side - from SEP client requesting updates from GUP.

SOLUTION
.Brian's picture

Turn on sylink debugging

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2012-08-20  |  Article URL http://www.symantec.com/docs/TECH104758

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

RSASKA's picture

SebastianZ, One important thing I forgot to add is that we have no access to the 200+ clients in our environment. We can only access SEPM and the 1500 GUPs

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

 

.Brian's picture

You can enable on the GUPs or use a tool like Wireshark to watch the traffic.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

RSASKA's picture

Ahhhhhh Brian, I am beginning to appreciate wireshark as well :-)

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

 

.Brian's picture

Best FREE! tool out there for watching traffic yes

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

RSASKA's picture

Sebastian had the solution, although wireshark is very very powerful also!!!

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.