Enhance the Client-Server Activity Reports in the SEPM
At present, there is a wealth of information that can be generated from the Symantec Endpoint Protection Manager (SEPM) about the SEP clients it controls. These reports can be created from Monitors and Reports tabs on the SEPM.
About the information in the System reports and logs
Article URL http://www.symantec.com/docs/HOWTO27546
The Client-Server Activity logs can report, for instance, exactly when a SEP client downloaded new definitions, and from which SEPM (in an organization which has several). For example:
|Time Stamp||Event Type||Host Name||User Name||Domain Name||Server Name|
|19/01/2013 19:55||Client has downloaded the content package||client045||admin51||sepdomain||SEPM1|
|19/01/2013 19:53||Client has downloaded the content package||client43||vmadmin||sepdomain||ANOTHER_SEPM|
|19/01/2013 19:51||Client has downloaded the content package||client001||Administrator||sepdomain||THIRD_SEPM|
If this report also added details on what version of definitions (filename) were in that package and whether the update came directly from the SEPM or went through a GUP, it would provide administrators with even better information about how their organization's update infrastructure is operating.
For instance: it would be immediately clear from such an enhanced report if too many SEP clients are downloading full.zip files rather than the smaller (delta) .dax files. It would also make it easy to see if clients are evenly spread across the GUPs, or if all the clients are using just one. These added details would help troubleshooting efforts immensely.
At present, it is possible to dig into an additional report to see if a GUP was involved, but this could be made more convenient.
Where does the SEPM show that SEP 12.1 clients are downloading content from GUPs?
Article URL http://www.symantec.com/docs/TECH187283
The information (filenames, name of GUP used) are visible in the individual SEP client logs, so it should be wholly possible to get that information communicated to the SEPM and displayed in useful reports such as the one proposed here.