Video Screencast Help

SEP Content Distribution Monitor - Introduction

Created: 14 Jun 2010 • Updated: 09 Sep 2010 | 42 comments
GrahamA's picture
+14 14 Votes
Login to vote
Symantec single video player.

This short webcast will introduce the new SEP Content Distribution Monitor tool, which is quick and easy to setup, and can help customers with managing and monitoring multiple Group Update Providers in their environment. 

After hearing customers mention they could benefit from increased visibility over the Group Update Providers that active in their environment, as they are a critical part of their content infrastructure, we started to look into creating a tool to provide this functionality for them.
 
Here is the result. Its a v lightweight tool you can run on the SEPM directly or remotely and will provide customers with a GUP health dashboard:

We've also included with this, a HI policy for optionally, checking GUP health locally on each one and then taking remediation steps as needed if the GUP is not funcitoning as it should.

Warning: This is not an officially supported tool so it is use at own risk. That said, it is reading from the various data sources is accesses, not writing to them, so use of the tool is typically low risk, and customers that have used it so far have reported no negative side-effects.

You may also view this webcast directly from the following URL:
http://www.screencast.com/t/MzU0Mzk0ZT

The monitor itself can be downloaded from the following URL:
http://www.symantec.com/connect/downloads/sep-content-distribution-monitor

Best Regards,
Graham Ahearne.

Product Management
Enterprise Security Solutions
Symantec Corporation

Video Upload: 

Comments 42 CommentsJump to latest comment

Ramji Iyyer's picture

Thanks a lot Graham !!!!

This monitoring tool is very useful. to monitor GUPs

The GUP's whose version is below 5002.333 are not shown. Am I Correct.???

There must also be an option to export to csv file of the status of GUP.

Regards...
Ramji Iyyer
SCS

Regards...
Ramji Iyyer

0
Login to vote
GrahamA's picture

Thx for the feedback!

I've now updated the tool to include an export to CSV function.

Yes, the tool will work with any GUPs that are running version 11.0.5 or later.

If you have any other feedback or suggestions, pls post them to the download post where most of the discussion is going on so far:
http://www.symantec.com/connect/downloads/sep-content-distribution-monitor

GrahamA Product Management, Symantec Security Solutions

0
Login to vote
yadagiri.kovi1's picture

Hi,

Iam getting error in Symantec distrubution monitor consloe, Virus/ Spyware content download today from SEPM showing all Zero count.

Kindly help me how to rectify the issue.

 

 

AttachmentSize
SEP.docx 13.57 KB
0
Login to vote
Ramji Iyyer's picture

Thanks for quick action & considering me !!!

Some inputs for you.

We are also seeing lots of duplicate clients online & offline of monitoring tools.

We also find some of the old GUP's which we are not used. screenshot attached

Regards...
Ramji Iyyer
SCS

Regards...
Ramji Iyyer

0
Login to vote
GrahamA's picture

I've posted a version 2.8. It contains some updates including a potential fix for the duplicates issue.

Can you try it out when you get a chance and let me know how you get on? (esp let me know if the duplicates issue is resolved or not)

Thx.

GrahamA Product Management, Symantec Security Solutions

0
Login to vote
GrahamA's picture

Yes, I also have seen duplicate clients appear in some cases. The SEPM database will track SEP clients in different states, and it is somehow related to this, that we see duplicates appear via the monitor. I need to revise the SQL query that extracts the data that the monitor uses. I'll send you a personal message as if possible, I'd like to get an export of some of your SEPM database tables, these will help us pinpoint the cause for the duplicates appearing. Thx.

GrahamA Product Management, Symantec Security Solutions

0
Login to vote
salamz's picture

Its Really Gr8 Tool for monitoring GUP but i also face same prb of Duplications. i Hope thiz duplication issue will resolve soon.

Regards
Saqib Alam

Saqib Alam|Senior Systems Engineer|Symantec Technical Specialist|

0
Login to vote
GrahamA's picture

The duplicates is not happening for most ppl and hasnt appeared in my recent testing so I need so help to pinpoint the cause.

If you are willing, could you provide the following to me offline?

- SQL query results: select * from SEM_AGENT
- SQL query results: select * from SEM_COMPUTER
- SQL query results: select * from GUP_LIST
- Screenshot of the duplicates that appear in the console

If you can get me the data, I promise I will fix the cause :-)

GrahamA Product Management, Symantec Security Solutions

0
Login to vote
windy138's picture

It is amazing. I like it. Thanks for this information

 

 

http://www.softwareoutsourcing.biz/services/open-source-development.htm
0
Login to vote
GrahamA's picture

I've posted a version 2.8 in the downloads section. Can you try it and let me know if it fixes the issue for you?

GrahamA Product Management, Symantec Security Solutions

0
Login to vote
Mark Maynard's picture

This is great work and I feel will become very useful.  One thing that would be helpful is any sort of proxy support.  That would allow me to retrieve the latest requested info from Live Update.

0
Login to vote
GrahamA's picture

Appreciate the feedback. I'm also keen to add the proxy support. I had added it previously but since removed it as it proved more difficult that I had hoped. Anyway, its on my wishlist, will get to it asap :)

GrahamA Product Management, Symantec Security Solutions

0
Login to vote
Aniket Amdekar's picture

Hi Graham,

Great work!! I am sure it will be very useful in troubleshooting GUPs on a large environment. Just out of curiocity, is there a mechanism to extract the local GUP list on a client that it gets after applying the local subnet filter. That will help to pinpoint the GUPs in the local network.

Aniket

0
Login to vote
GrahamA's picture

You can enable debug on a SEP client to see which GUP it is downloading from, and you can export the SEP client's policy to see which GUPs are listed in its Liveupdate policy but you can't get the exact data set you are after I think.

GrahamA Product Management, Symantec Security Solutions

0
Login to vote
Aniket Amdekar's picture

Hi Graham,

What if we collect procmon logs from the clients to check for specific activity after receiving the GUP list.

Can that be used to obtain the information we are looking for.

Aniket

0
Login to vote
MaRRuT@CC's picture

wow! nice to see that it getting updated so quick =) anyway its a good tool for a better overview about our lovely gup's in our environments =)

0
Login to vote
Michele Pavan's picture

Hi all,

does anyone have my same issue?

After installation I see all snippet but not the SPEM Mangaer AV/AS download, there I have a red cross.

See attachment.

 ---------------------------

Solved! Just a missing slash in the config file!

SPEM.jpg
0
Login to vote
yadagiri.kovi1's picture

Hi,

 

Did u got any solution for this.

Iam alsofacing the same problem

 

 

0
Login to vote
MaRRuT@CC's picture

I Hope SEP12 will have better GUP Functionality & Reporting/Log Options in the release start of "Amber".because alot of ppl need GUP Functionality...

0
Login to vote
amir ganji's picture

hi

I am installed sepm 11.0.6 on win 2003-sp2 whit sql server 2005 enterprise, we using several domain in my network such as : mpedc.ir , 8.mpedc.ir , 11.mpedc.ir , .... also only one console of sepm installd on my network and configure a gup. I used sylinkreplacer for publish sylink.xml file on other clients.with replace sylink file , all of the clients get update from gup but console sepm dont show these clients in client tab. I chekeld Help and Support-->troubleshooting-->Server Name & Group Name is correctly , but sepm consol dose not show those clients.

please help me for my problem .

tanks

0
Login to vote
Andreas Lampel's picture

Hello Graham!

I have 9 GUPs and in the application are only 2 visible! what can i do?

 

i found out that there only 4 records in the table gup_list and 1 record is sisecure and 3 records are mdcsfs!!!! and no other gup is in the table! WHY!! 

 bye

Andreas

GUPManager.PNG
0
Login to vote
Nichlas_OCH's picture

Hi guys!

I've installed the tool, and it communictes well with the database.
But the GUP-servers doesn't seem to report their existance.. What can be wrong?

I've worked my way through this one: http://www.symantec.com/connect/articles/configuring-group-update-providers-symantec-endpoint-protection-110-ru5

But I only use one GUP per group. I've got three sites with different local GUP's defined by IP-adress.

Need some help :)

Regards

Nichlas
 

0
Login to vote
Danimark's picture

I've had this running for some time now but receive no data regarding bandwidth.

SEPM IIS LogPaths for my two servers appears correct in the config file.

Hitting View Todays IIS Logs generates a script error

Line 758 Char 3 Error: Subscript out of range:"UBound" Code:0

URL: file:///C:/Program%20Files/SEP_Content_DistMonitor...

Any ideas welcome on troubleshooting.

Dan 

Addendum: Scratch this request - Log file settings had been changed in the IIS server end back in Feb by Admin unknown - adjusted as per read.me- I presume I'll start getting stats now.

Always been a great tool for overview - looking for next layer now as we occasionally have clients at low bandwidth sites that are affecting site comms speeds due to unknown data transfers (presuming SEP updates). IIS Logfiles will at least confirm data comms from SEPM rather than local GUP.

0
Login to vote
leonhomar's picture

Hi guys,

 

I'm here to share as error that i've found when trying to connect to the database (SQL 2008 x64).

I received the following error message when i execute the application:

 

I tryied to solve this issue changing the parameter of the config.ini file (table_name_prepend=),

i've inserted all these options without success (sem5, sem5.dbo, ).

Does anybody have any idea about this issue ?

I'm planning to make a complete check-up at my database.

 

Regards

 

Leon

Leon Homar

0
Login to vote
Philip's picture

Leon,

Did you manage to resolve this issue?

Regards,

0
Login to vote
ThaveshinP's picture

Hi there,

I am still having GUPS displaying on the console that are no longer GUPS and having duplicates of GUPS as well. Using 4.8 Beta. Anyone resolve this yet?

0
Login to vote
robartzn@yahoo.com's picture

 

Normal
0

false
false
false

MicrosoftInternetExplorer4

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}

Looking for nursing home in derby, jason hylton court is a high quality nursing home situated in the heart of Swadlincote, Derbyshire nr Swadlincote

Care home Derbyshire

0
Login to vote
ThangTT's picture

Hi Graham & all

I'm using content monitor tool beta v 1.3 running on SEPM (12.1.671.4971), my setup is 1 SEPM & 2 windows XP 32 bit client, total sep agent is 3 (2 on XP, 32 bit sep agent, 1 on SEPM, 64 bit sep agent)

all these 3 endpoints are in same subnet, in same Client Group, I set one XP becomes GUP.

after the time liveupdate is ran on SEPM, new content is downloaded, I check the delta file in ...\SEPM\Inetpub\content\{...........}\111019020 directory its size is 162Kb (xdelta111019003.dax), but what i see in the Content Monitor tool is like this:

Type        Count       Size

Total         2             431.55KB

Full          0              0 bytes

Delta        2              431.55KB

So I understand that, there are two clients have downloaded Delta content from SEPM, each download is 431.55KB, so total bandwidth for download from SEPM = 2 * 431.55 KB so far, why is this number bigger than the delta file size (162kb compares with 431.55kb) ?

the report above only shows client which downloaded directly from SEPM, in this case is GUP client & SEPM sep agent, how can I know which client has connected to GUP, and how much it has downloaded from GUP (in this case is the other XP client) assuming I use packet capture tool like Wireshark ? where does the GUP store the content download ?

thanks

Thang

0
Login to vote
ThangTT's picture

Hi,

my assumption above is wrong, the 2 client who has download delta from SEPM directly is the other WinXP client and the SEPM (sep agent), 431.55KB is the total download of these two (not exactly each download is half of 431.55KB), so the Content Monitor tool does not show the download from GUP to SEPM, so how do I know when/how much each GUP download from SEPM ?

another strange thing is (in my scenario above) the GUP client actually download the delta to the directory c:\program files\symantec\symantec endpoint protection\12.1.601.4699.105\bin\SharedUpdates, but this GUP does not apply the delta update to itself, this GUP always have the AV updates applied very late (more than 1 hours later) ?!

seems that when SEPM & GUP & clients in the same subnet, same Client Group, client get the delta update from SEPM, not GUP

does anybody know why ?

thanks

0
Login to vote
Romulo Ruella's picture

I SEPM 12.1 but can not run the application. Do you have any extra configuration? only appears quickly and disappears cmd screen right away.
Help me please!

0
Login to vote
Subhani's picture

Hi ,I have the solution .Kindly confirm if you have already resolved it otherwise I will share it here.

0
Login to vote
Subhani's picture

After making the required changes to  httpd.config and restarting the SEP Manager Services ,unzip the "SEPM Content Dist Monitor - BETA v1.3.zip" contents to "Symantec Endpoint Protection Manager\Tools" folder and run the SepmMonitorTool.bat file from the "Tools" folder.

Also find attached is the Readme file

AttachmentSize
sepm_monitor_help.zip 2.98 KB
0
Login to vote
Philip's picture

 

I also received the following error message when i execute the application v.4.8beta in one of our environments with SEP11:

 

What could be the possible cause and how to fix it?

EDIT: It turned out that this issue was caused because customer has chosen to use custom table names with specific prepended name which has to be added to the monitor conf file correctly. Check with SQL studio to confirm if tables are default or there is prefix.

0
Login to vote
Slavi's picture

I am facing the very same issue, using dbo. sem5. or empty parameter, generates the same error message.  The account was even granted SA rights but it was still not working...
Any help will be appreciated.

0
Login to vote
riyas's picture

Hello Graham,

Greetings for the day..!! Hope you're doing good...

Our SEPM's are running with 12.1 version..

It's wonderful to work in GUP Monitoring tool which really saves lot of time from tracking the information on nearly 100 GUPs & 10000 clients AV status from the SEPM...(Eg. Low disk space, out dated clients, GUP AV update status)..

Few challenges which i found while using Symantec Content Distribution Manager Tool; Through this i could see the number of clients which have downloaded the virus defs. from the SEPM directly & the size f it..

But i'm failed to see the client list (destination hostnames like which client has downloaded the file & its size Eg: client - AIDL7800729 - downloaded 3 MB delta file ).  

I had configured all the apache logs & other settings as per the instructions shown on the video.

We are mainly concentrating on the clients which caused Bandwidth issues in our network. So, it would be appreciable if you help me out.

Attached the screenshot of the same.

 

 

 

Thx & Rgds,

Riyas

GUP Monitoring tool - 12.1 version.png
0
Login to vote
Richard Clapp's picture

I'm trying to get this to work on a 2008R2 server and believe I have everything up and working except the top middle section (AV/AS downloads today from SEPM).  I've gotten it to fill in with 0s and 0 bytes instead of the initial Red X/Not working. I belive the issues are with IIS and the logs.  Looking at the readme.txt file it says that I need to enable "Log Visits".  Unfortunately I see that in older IIS6, but in IIS 7.5 on the 2008 R2 server all I see is a logging option without anything available to check to "log visits".  I adjusted the items logged per the reade me and even moved the log file to a new place and opened the ContentInfo.txt file from step 13 which build a new W3SVC2 folder under the path I switched to.  I then pointed the config file to look at this directory, but nothing seems to be logging in this version of IIS.  Any suggestions to try and get this to work in IIS 7.5?

0
Login to vote
MaRRuT@CC's picture

can you provide the HI Policy for download Graham? Is this only a Registry Entry check for the GUP functionality?

0
Login to vote
kvb's picture

Hi Graham,

We just started implementing the tool, however we got - script error..

Line : 738

Char : 3

Error : Subscript out of range:Ubound

Code: 0

 

We have change the IIS log location from system drive to D$ drive.

Also we have verified there is no space in the locaion path(command line) with \ back slash mentioned.

Also verfied the IE Enhanced Security is disabled.

We have no clue on this.

Please assist on this issue..

0
Login to vote
kvb's picture

Anyone.. pls suggest..

0
Login to vote
alexandre.silva@ish.com.br's picture

Hello Guys.
How to install the SEP Content Distribution Monitor? is there any documentation?

0
Login to vote
_Brian's picture

This is the closest I could ever find:

http://www.symantec.com/docs/TECH156558

0
Login to vote
Jeshrel Cyril's picture

Hi,

 

It is mentioned the SEP GUP monitoring tool for 12.1 can be managed on the SEPM directly or remotely.

 

We all know how to do it on the server on which SEPm is present, How do we run this tool remotely on a system that does not have SEPM installed on it.

0
Login to vote