Video Screencast Help

Enhance the Client-Server Activity Reports in the SEPM

Created: 22 Jan 2013 • Updated: 22 Jan 2013 | 5 comments
Mick2009's picture
8 Agree
0 Disagree
+8 8 Votes
Login to vote

At present, there is a wealth of information that can be generated from the Symantec Endpoint Protection Manager (SEPM) about the SEP clients it controls.  These reports can be created from Monitors and Reports tabs on the SEPM.

About the information in the System reports and logs
Article URL 

The Client-Server Activity logs can report, for instance, exactly when a SEP client downloaded new definitions, and from which SEPM (in an organization which has several).  For example:

Time Stamp Event Type Host Name User Name Domain Name Server Name
19/01/2013 19:55 Client has downloaded the content package client045 admin51 sepdomain SEPM1
19/01/2013 19:53 Client has downloaded the content package client43 vmadmin sepdomain ANOTHER_SEPM
19/01/2013 19:51 Client has downloaded the content package client001 Administrator sepdomain THIRD_SEPM

If this report also added details on what version of definitions (filename) were in that package and whether the update came directly from the SEPM or went through a GUP, it would provide administrators with even better information about how their organization's update infrastructure is operating. 

For instance: it would be immediately clear from such an enhanced report if too many SEP clients are downloading files rather than the smaller (delta) .dax files.  It would also make it easy to see if clients are evenly spread across the GUPs, or if all the clients are using just one.  These added details would help troubleshooting efforts immensely.

At present, it is possible to dig into an additional report to see if a GUP was involved, but this could be made more convenient.

Where does the SEPM show that SEP 12.1 clients are downloading content from GUPs?
Article URL 

The information (filenames, name of GUP used) are visible in the individual SEP client logs, so it should be wholly possible to get that information communicated to the SEPM and displayed in useful reports such as the one proposed here.

Comments 5 CommentsJump to latest comment

SebastianZ's picture

Great idea Mick - thumbs up for above. This would be very welcome from the support perspective as well - no more need to dig up through several logs to find the source of downloads.

Login to vote
John Cooperfield's picture

Excellent idea. Even before I look at GUP activity, I would review the aspect of client using files rather than the deltas.

Login to vote
NRaj's picture

Something like the list of clients getting updates from SEPM / GUP / LUDP will help a lot.

Login to vote
Chetan Savade's picture

Refer this thread as well:

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Login to vote