
Exporting Console Data to .txt or .csv

  • 1.  Exporting Console Data to .txt or .csv

    Posted Dec 11, 2009 11:29 AM
    Is there a way to export any/some/most/all data that is available from the SAV10 Console (and also from SEP11) from a command line (CLI)? For example, exporting the system hierarchy or parts of it to .csv.
    Of course it can be done through the console menus, but this will be a recurring task.


  • 2.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 11, 2009 12:01 PM
    Greetings,

    I do not believe there is a way to export data from either product via a command line. I would recommend adding this to the Ideas forum for an enhancement request.


  • 3.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 11, 2009 12:28 PM
    I have a standard SAV v.10 install, which maintains logs here:
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\

    There is a log for each day, with a corresponding file name (e.g. 12112009.Log). The file is comma delimited and contains all the data in the console. You should be able to just rename the file to .csv and open it in Excel (or other). There's quite a bit of data, so it may require some parsing.


  • 4.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 11, 2009 01:50 PM
    No - not for SEP (11, etc) - all of the SEP management information, and hierarchy is kept in a SQL database. There's not an export option per se.
    You might be able to write some SQL queries............

    SAV does keep logs but you'd have to manipulate those log files to get out what you needed like Justin suggests.


  • 5.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 11, 2009 05:28 PM
    For SEP, you might be able to use syslog, or the tool referenced in this similar thread:
    https://www-secure.symantec.com/connect/forums/automated-pull-statistics


  • 6.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 12, 2009 12:22 AM
    I don't think you can collect the required logs using the Symantec Endpoint Protection Manager Log Collecting Tool, because it will collect only manager logs, not the client logs which are present in the database. As ShadowsPapa said, unlike SAV, SEP keeps its data in the database (Embedded or SQL).
    If you want to get some data from that, you have to do some queries against that database.
    The doc below will give a picture of the database schema:
    Symantec™ Endpoint Protection Database Schema Reference Guide

    Refer to the discussion below also:
    Is THIS the very latest schema reference???




  • 7.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 14, 2009 04:58 AM
    Hi MFishman,

    The functionality that you're looking for is not available from the command line, but you will probably be well pleased with what can be done from SAV Reporting server or from the SEPM console.  Both have powerful status and event reporting capabilities.  Reports can be saved in .csv format.  These can be scheduled and mailed to a remote location periodically, too.

    For SAV 10, a good place to start is Using alerts on a reporting server with Symantec AntiVirus 10.1 and Symantec Client Security 3.1

    That functionality was expanded in SEP.  For SEP 11, see About the different types of Symantec Endpoint Protection Manager Reports.  It's fairly intuitive to click on Reports in the SEPM console and explore the scheduled reports tab there.

    Final plug: for best results, please make sure that you are on the most recent release of either SAV 10.1 (MR9) or SEP 11 (RU5).

    Please do let the forum know if this has answered your query, and do check back on the forum or contact Symantec Tech Support for any additional questions!

    Thanks and best regards,

    Mick


  • 8.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 14, 2009 07:46 AM
    I'm going to "respectfully disagree" on the merits of SEP's reports.
    They are totally worthless, they give you pie charts at best ->
    "You've had 50 infections, 3 were risks, 47 were viruses" and then they show you pie charts with percentages.
    No details.

    If you want details, you have to go to the LOGS and export logs, then open them in Excel or whatever, remove the chaff (all the extraneous info that's not really needed in a true overview report) and trim them up a bit then you have something useful to present to management.
    I've been through all this before with a few "rants" and in general most users seem to agree with me - the built-in reports are not worth using unless you love pretty pie charts that really tell you nothing. There is no detail in "reports", no names, no computer names, etc.
    The logs, however, have MUCH detail, but you have to manually export them.

    At the risk of seeming like I'm going off on a rant here, I'll leave it at that - anyone who wants more can contact me.  Suffice it to say, it's pretty well known the "reports" give no useful info, our own management isn't happy with them.


  • 9.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 14, 2009 08:11 AM

    Hi ShadowsPapa,

    No problems at all with respectful disagreement.  :)  Have you created an entry with those good points under the forum's "Ideas" section?  It would be beneficial to add the link to that request from this thread so that anyone who agrees can add their weight to a call for enhanced reporting capabilities.

    There's a Comprehensive Risk Report in SEPM that can be scheduled- it has decent detail on what threats, etc were discovered, plus a few of those lovely pie charts.   I've got it scheduled on mine.  Might be worth exploring.

    Thanks and best regards,

    Mick 



  • 10.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 14, 2009 08:24 AM
    Unless it was added with RU5, I've tried them, and what we want is computer names, user names, virus names, etc. - not just "there were 100 infections last month" and then a breakdown of what "group" they were in.
    I've set up one report and all it does is show percentages.
    Management wants names............. they want to see WHO it was, WHEN, what computer, and the actual "virus name" (I use the term 'virus' loosely here as honestly, few things today are really a 'VIRUS' per se - most are Trojan Horses, etc)

    I will look again, just in case things changed with RU5.


  • 11.  RE: Exporting Console Data to .txt or .csv

    Posted Dec 16, 2009 08:03 PM
    Monitors > Logs > Risk
    Export to text file and import into Excel and play with pivot tables.
    You can save filters for the last week, month etc.

    This is probably the most useful report of all and will give you the following:

    Event time
    Action
    Username
    Computer domain
    Risk name
    Filepath
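
For the recurring case, the pivot-table step described in the last post can be scripted. The following is an added example, not part of the thread and not Symantec code: it groups an exported Risk log by user, domain and risk name, and neutralises cells that a spreadsheet would evaluate as formulas, since usernames and other logged values come from endpoints. The header row, tab delimiter, timestamp format and sample rows are assumptions; only the column names come from the post.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Columns as listed in the post; header row, tab delimiter and time format are assumed.
FIELDS = ["Event time", "Action", "Username", "Computer domain", "Risk name", "Filepath"]
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"
# Constructed sample rows, not real SEPM output.
SAMPLE_EXPORT = "\n".join([
    "\t".join(FIELDS),
    "2009-12-14 08:02:11\tQuarantined\tjdoe\tCORP\tTrojan.Example\tC:\\Temp\\a.exe",
    "2009-12-15 09:30:00\tQuarantined\tjdoe\tCORP\tTrojan.Example\tC:\\Temp\\b.exe",
    "2009-12-15 10:00:00\tLeft alone\t=1+1\tCORP\tAdware.Example\tC:\\Temp\\c.doc",
    "not-a-date\tDeleted\tasmith\tCORP\tAdware.Example\tC:\\Temp\\d.dll",
]) + "\n"

def safe_cell(value):
    """Prefix formula triggers with a quote so a spreadsheet treats the cell as text."""
    text = str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def summarise(export_text, delimiter="\t"):
    """Group event times by (user, domain, risk); also count undatable rows."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter=delimiter, restval="")
    missing = [f for f in FIELDS if f not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")
    groups, skipped = defaultdict(list), 0
    for row in reader:
        try:
            when = datetime.strptime(row["Event time"].strip(), TIME_FORMAT)
        except ValueError:
            skipped += 1  # report rows we could not date instead of dropping silently
            continue
        groups[(row["Username"], row["Computer domain"], row["Risk name"])].append(when)
    return dict(groups), skipped

def to_csv(groups):
    """Render count, first seen and last seen per group as spreadsheet-safe CSV."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["Username", "Computer domain", "Risk name", "Count", "First seen", "Last seen"])
    for key, times in sorted(groups.items()):
        writer.writerow([safe_cell(k) for k in key] + [len(times), min(times), max(times)])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(summarise(SAMPLE_EXPORT)[0]), end="")
```

To use it on a real export, pass the file's text to `summarise()` and adjust `TIME_FORMAT` and the delimiter to match what the console actually writes.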