Endpoint Protection


Logs are missing or arriving late in manager

ℬrίαη, Apr 02, 2017 09:48 AM

koby Z, Apr 06, 2017 06:52 AM, Best Answer

  • 1.  Logs are missing or arriving late in manager

    Posted Mar 30, 2017 11:04 AM

    Hi

    I'm running SEP V14 MP1.

    I've noticed a strange behavior in my environment regarding the FW Traffic Log.

    I see the logs at the endpoint, but when I look for them in the manager I see that it takes a lot of time for them to appear. It can even take 45 minutes.

    Sometimes logs do not arrive at all.

    Does anyone have an idea why this is happening?

     

    Thanks



  • 2.  RE: Logs are missing or arriving late in manager

    Posted Mar 30, 2017 11:05 AM

    What is your heartbeat set to? Every time the clients check in they will upload their logs. The heartbeat may be set out to an hour or so. Default is four hours. Additionally, do you have many logs coming in? Are they rolling over quickly?



  • 3.  RE: Logs are missing or arriving late in manager

    Posted Mar 30, 2017 11:20 AM

    Hi,

    Check this article on uploading logs faster:

    https://support.symantec.com/en_US/article.TECH212153.html

    Also:

    https://support.symantec.com/en_US/article.TECH150552.html



  • 4.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 07:20 AM

    Hi

    Our heartbeat is set to 15 minutes.

    Traffic log size is 10 MB.

    Thanks



  • 5.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 07:21 AM

    The issue is not only that they arrive late, but also that not all logs arrive.



  • 6.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 07:29 AM
    In the client log settings, check whether the "upload to management server" box is checked.


  • 7.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 07:36 AM
    You can check the article below for information: https://support.symantec.com/en_US/article.HOWTO81208.html


  • 8.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 07:47 AM

    Provided you have verified that you have the option to upload traffic logs enabled and they're not rolling over, it may be a bug and you should contact support.



  • 9.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 09:32 AM

    The "upload to management" option is enabled.

    Are the logs supposed to be uploaded to the manager on every heartbeat?



  • 10.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 09:48 AM
    Yes.


  • 11.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 09:59 AM
    Yes, it will send them every heartbeat interval. With "Fast Pathing" enabled, the client checks every minute whether there are new detections or new network security events. If one of these critical events is found, the SEP client uploads all threat-detection and network-security-related information for the events from the logs (AVMan.log and seclog.log), but not any other log information.


  • 12.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 10:30 AM

    "Fast Pathing" is also enabled in my environment.

    Looks like I don't have a choice but to open a ticket with support.



  • 13.  RE: Logs are missing or arriving late in manager

    Posted Apr 02, 2017 10:31 AM
    Fast pathing does not apply to firewall logs. Support will need to look at this.


  • 14.  RE: Logs are missing or arriving late in manager
    Best Answer

    Posted Apr 06, 2017 06:52 AM

    Increasing the heartbeat to 30 min helped with this.



  • 15.  RE: Logs are missing or arriving late in manager

    Posted Apr 06, 2017 07:03 AM

    Good to know that your issue is resolved.