Sid_F


Symantec 12 traffic

I am working on a network that runs the SEP 12 console. Remote clients connect into the console for policy changes, log uploads and virus defs. I can see lots of port 8014 traffic, but how do I know if this traffic relates to the def downloads or if it relates to log files? I want to separate out the two so I have a clear view of exactly how much data is crossing the link.
btan

You can check the client activity log, e.g. go to Monitors > Logs > Log type = System > Log content = Client Activity. There should be an event type column in the listing.
- See "How can we check which content SEP 12.1 clients are downloading from GUP?"
http://www.symantec.com/connect/articles/how-can-we-check-which-content-sep-121-clients-are-downloading-gup

Or even have GUP Monitor configured.
See  - http://www.symantec.com/connect/forums/how-identify-if-gup-getting-updates-sepm

In case of client troubleshooting for the heavy traffic, see "Troubleshooting Client Communication"
http://www.symantec.com/connect/articles/troubleshooting-client-commuincation

But do note that on the client machine there can be more logs in the default path, such as C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Logs\AV, which depends on the log rotation and retention configured in the SEP client's settings (e.g. Clients > My Company > Policies tab > Client Log Settings). You may see discrepancies between the SEPM and client logs, as the retention period at each is not really in sync per se. SEPM tends to be shorter since it is seeing most clients - see this:
Insufficient log retention settings to accomplish a 60 day report.

By default, a SEPM is configured to hold 10,000 entries of System Client-Server Activity logs. Depending on the amount of activity on a set of clients and the number of clients attached to a SEPM, this limit may not be large enough to hold 60 days of data.
http://www.symantec.com/business/support/index?page=content&id=TECH184978
Sid_F

ASKER

Thanks, just a few queries on the GUP end, and please excuse my ignorance for some of this!

If a client is configured for a GUP, does it scan its local network or does it need to be told the IP of the GUP?
Can a client be configured to look for a GUP first and then go externally to Symantec for its updates if it doesn't find the GUP?

Thanks
ASKER CERTIFIED SOLUTION
btan

Sid_F

ASKER

Great response, thank you.