I'm using SEP sort of like Wireshark on some computers to try to nail down what's hammering our network. I'm looking to see if it's anything between SEP on clients and the SEPM servers that's doing it.
I go to the console, make a test group, and change that group to mixed control.
I create a firewall rule at the top for that group only, set to all/everything and to write to the packet log.
Back on the server, I open SEP, then choose view logs, then NTP logs, packet log.
Usually it shows up blank. Then I switch between local view and source view, and then it will populate the screen. If I hit refresh, the log may appear empty until I toggle between local and source, or hit refresh again.
When it IS showing all the packets, I should be able to highlight a packet and see what's in it in the lower panes of the log view, much like Wireshark does. And it usually does; then I'll click another line and it will show nothing below.
I click several lines; it shows nothing. Then I hit refresh again or toggle between local and source, and then I can click a line and see the content once again. Or it might do worse and present me with an empty log screen!
Anyone know what's up?
And what's the difference between local and source view in these logs? Looks like it gives the same info?
SEPM and SEP RU6a on clean, new 2008 R2 64-bit VMware servers.
This sort of logging works perfectly on the clients I'm doing it on; no issues.