Video Screencast Help

Where do you look to find definition download time?

Created: 13 Jun 2013 • Updated: 17 Jun 2013 | 11 comments
This issue has been solved. See solution.

Could someone please advise where in the SEPM console (SEP12RU2) do I look to find the specific time the last definition download took place?  I need to know to help troubleshoot some other issues.  Thanks.

Comments 11 CommentsJump to latest comment

.Brian's picture

For SEPM

Admin >> Servers, click "Show LiveUpdate downloads"

 

For clients

Monitors page

Log type: System

Log content: Client Activity

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

limnos's picture

Roger that, but that only shows the time of the last def download, I need the history for the last week.  I assume that is in a log file somewhere?

SMLatCST's picture

For the SEPM itself, go to ADMIN -> Servers, under the tree structure showing the site and individual servers in your SEP environment, you should see a Show LiveUpdate Downloads link, click this for a new window with the download details.

This tells you when the SEPM last grabbed it's defs.  For the clients, check out Brian's post ("Thumbs Up" BTW), which can also be seen in the System Log locally on a client.

Rafeeq's picture

You can check the event IDs

Definition File Loaded
7
GL_EVENT_LOAD_PATTERN Occurs when Symantec AntiVirus loads a new .vdb file.

 

limnos's picture

yeah, IF the idiots I worked for would actually allow the SEP Admin for the entire agency the ability to log onto my own app server....yeah, it's stupid.  I have no access to the SEPM server except via the console.

Rafeeq's picture

You need to know the Lu download on the SEPM or on the clients?

James-x's picture

Hi Limnos,

Here's how to do what you want, given that you can't access the server itself.

  1. Login to the SEPM
  2. Click Monitors > Logs tab
  3. Set Log type to System
  4. Set Log content to Server Activity
  5. Click Advanced Settings
  6. Set your desired time range to look for events (e.g., Past three months)
  7. Set Event type to LiveUpdate events
  8. Click View log

After viewing the log, you can export it in CSV format by clicking the Export button.

Regards,

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

SOLUTION
James-x's picture

Hi limnos,

You're welcome!

Would you mind marking my post as the solution, so that future forum-searchers can jump right to it?

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

Rafeeq's picture

if you want to know when your SEP manager has updated the definitions using internet

you can check the log. Liveupdateunder

C:\Documents and Settings\all users\Application Data\symantec\LiveUpdate

you will find the below lines if updates were successful with timestamp

"The Update executed with a result code of 1800, => Success"