Display where SEP clients pull defs from
Updated: 23 Dec 2009 | 8 comments
Status:
In Development
It would be great to add a field to the client status view in SEP so that administrators can quickly see where their clients last got their definitions from. Especially with the new GUP features in RU5, the ability to quickly and easily determine that clients are going to the correct source for definition updates is crucial and today, that is a painful process if doing en masse.
Idea Filed Under:
Comments
Support this feature request
Support this feature request 100%
This tools works, but it is to much hassel.
http://service1.symantec.com/SUPPORT/ent-security.nsf/383ed085ad1ed2c6882571500069b34d/4be077e14183395388257348007a2472?OpenDocument
This would be a great thing
This would be a great thing to see in a log of some kind under monitors logs. I too have to agree with this being a great idea.
idea, nslookup
A idea is that, to first setup a debug log on the client.
Then in the debug log there is a line/entry that shows the name of the server that the client get the update from.
But when you have a defind a dns-name entry in the liveupdate policy, for example. gup.mydomain.com.
There is no way of showing ip adress where the client actually download the virusdef from.
Maybe a "nslookup" first to defind the gup ip and enter this in the debuglog, then you can see where the client donwloads the virusdefs from.
Was working in versions prior to RU5...
Previous SEP client versions stated in the client management log something like
“Start using group update provider (proxy server) @ hostname:2967”
which was fairly useful.
Tech Support say this now is not displayed in RU5... and I cannot see a way of determining the GUP that is actually being used, other than enabling SyLink logging on all clients and trolling through the log until a download is seen. Even the "GetGupList" entries in the SyLink log don't show how it came up with the IP of a particular GUP to use. I am still not convinced that GUP is working correctly in RU5 as there is high WAN utilitision for an hour or two at every remote site and it all starts at exactly the same time.
Can we get the GUP (or LiveUpdate server etc.) that each client connects to for definition updates displayed in the SEPM console, like next to the definition version that the client is using?
Also customizable columns in SEPM so we can add what we want to see in the client views rather than picking from only 5 predefined view options and continually switching between them to see required information
GUP troubleshooting
it would be great if we can see which clients download updates which source ( GUP, management server, LU server)
it would help us to troubleshoot
Also add
What the current definition file on that server is, as well as possibly the client info.
Sep Signature download
I hope that I can find a log line in SEPM in wich I can find "signature upload from" and whhy not the size !
This is a good..and will
This is a good..and will really bring down GUP troubleshooting steps
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Would you like to reply?
Login or Register to post your comment.