Endpoint Protection Content Distribution Monitor install and configuration with 12.1.6

Article ID: 178786

Products

Endpoint Protection

Issue/Introduction

 

Resolution

Introduction

The Endpoint Protection (SEP) Content Distribution Monitor for Group Update Providers (GUP) is a standalone tool for monitoring content distribution, site throughput, database table row counts, etc.

Installation and Configuration

Installation of SEPM Monitor is simple. Copy the SepmMonitorTool.bat file to the SEPM_INSTALL\Tools folder and run the batch file. The Monitor will be launched with the default configuration settings. To modify the configuration settings, click on the "Configure" link which is at the top right corner of the UI. 
Configuration Settings:  

  • Auto-refresh: This indicates whether the UI should be refreshed automatically. If it is enabled, the user can specify the interval in minutes.
  • Content thresholds: These settings determine the colors used in the Distribution Summary section. The user specifies the thresholds as percentages. If the corresponding count falls below that percentage, it is displayed in red; otherwise it is displayed in green.
  • Low disk space limit: This is used to list the computers whose free disk space is less than the configured setting. It is used in Potential content load issues and Operational status of GUPs.
  • Low memory limit: This is used to list the computers whose free memory is less than the configured setting. It is used in Operational status of GUPs.
  • Out-of-date client: These settings are used by two sections of the UI: 1) Virus/Spyware online and out-of-date by Network/Client Group and 2) IPS online and out-of-date by Network/Client Group. The settings are used for display purposes only.
  • Show GUPs: This setting is used to display either all the GUPs or only the abnormal GUPs. A GUP is said to be abnormal if one of the following conditions is met:

  1. Offline
  2. Not having the latest Virus/Spyware content
  3. Not having the latest IPS content
  4. Disk space lower than the configured setting
  5. Memory lower than the configured setting

 

  • Apache log path: This indicates the folders to be parsed by the SEPM Monitor to find the total content downloads (Full and delta). 

The user should enable Apache logging on the servers to be monitored by SEPM Monitor and specify the folder paths (Ex: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs) separated by semicolons. All these folder paths should be accessible from the machine where the SEPM Monitor is being run. This setting is used by the Virus/Spyware content downloads today from SEPM(s) section.
*********
(WARNING: The option below will generate many GB of log files every day in large environments, and they are not automatically removed.)

Steps to enable Apache Logs on each SEPM server: 

  1. Open the SEP_INSTALL\apache\conf folder and take a backup of the httpd.conf file.
  2. In the httpd.conf file, enable access and error logging. Also set LogLevel to info.

     Error log: Uncomment #ErrorLog "|| bin/rotatelogs.exe logs/error-%Z.log 100M", then change the log file name format and set the log rotation to 24 hours. The modified line should be:
       ErrorLog "|| bin/rotatelogs.exe logs/error-%Y-%m-%d.log 86400"

     Access log: Uncomment #CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 100M" combined, then change the log file name format and set the log rotation to 24 hours. The modified line should be:
       CustomLog "|| bin/rotatelogs.exe logs/access-%Y-%m-%d.log 86400" combined

     LogLevel: Change LogLevel from warn to info. The modified line should be:
       LogLevel info

  3. Restart the SEPM Webserver service.

Note: Apache doesn't purge the old logs. The administrator needs to delete the old logs on each server (a script can be written to do this).
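A purge script of the kind the note calls for, as an added example that is not part of the original article or of the SEPM tools: it deletes only files named access-YYYY-MM-DD.log or error-YYYY-MM-DD.log, the names produced by the modified httpd.conf lines above. The function name and the 14-day retention are assumptions; the default folder is the article's example path.

```powershell
# Added example: purge rotated SEPM Apache logs older than a retention window.
# Assumptions (not from the article): function name, 14-day default retention.
function Remove-OldSepmApacheLog {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folder(s) holding the rotated logs; default is the article's example path.
        [string[]]$LogPath = @('C:\Program Files\Symantec\Symantec Endpoint Protection Manager\apache\logs'),
        [ValidateRange(1, 3650)]
        [int]$RetentionDays = 14
    )

    # Compare dates in UTC (rotatelogs uses GMT unless started with -l).
    $cutoff  = [DateTime]::UtcNow.Date.AddDays(-$RetentionDays)
    # Match only the rotated names: access-YYYY-MM-DD.log / error-YYYY-MM-DD.log
    $pattern = '^(access|error)-(\d{4}-\d{2}-\d{2})\.log$'
    $inv     = [Globalization.CultureInfo]::InvariantCulture

    foreach ($dir in $LogPath) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Warning "Log folder not found: $dir"
            continue
        }
        Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
            if (-not ($_.Name -match $pattern)) { return }   # leave every other file alone
            # Use the date in the file name, not LastWriteTime, which copies or backups can change.
            $stamp = [DateTime]::MinValue
            $ok = [DateTime]::TryParseExact($Matches[2], 'yyyy-MM-dd', $inv, [Globalization.DateTimeStyles]::None, [ref]$stamp)
            if (-not $ok -or $stamp -ge $cutoff) { return }  # malformed date or still inside retention
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete rotated log')) {
                try {
                    Remove-Item -LiteralPath $_.FullName -Force -ErrorAction Stop
                } catch {
                    # A file still held open by rotatelogs.exe fails here and is retried on the next run.
                    Write-Warning "Could not delete $($_.FullName): $_"
                }
            }
        }
    }
}

# Dry run: lists what would be deleted. Remove -WhatIf to delete.
Remove-OldSepmApacheLog -RetentionDays 14 -WhatIf
```

Run it on each SEPM server, for example from a daily scheduled task, with a retention period that still covers the time span you need the access logs for.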

**********

3) Content Distribution

 This is used to display the content distribution problems. It has the following sections:

  • Latest versions available
    This section displays the Virus/Spyware, IPS and SONAR content versions available in the SEPM database and on the Symantec Live Update server. It is also used to run Live Update or to access the Rapid Release contents folder through the icons at the top right corner of this section.


  • Virus/Spyware content downloads today from SEPM(s)
    This section displays the total (Full and Delta) Virus/Spyware content downloads from the configured SEPMs. It gets the data by parsing the Apache logs in the folders configured in the Apache log path setting. The data is based on the content downloaded from 12:00 AM (GMT) to the current time.

    (NOTE: The "Virus/Spyware content downloads today" option will only work if LogLevel is set to info, as described in the paragraph "Steps to enable Apache Logs on each SEPM server". This can be skipped, as it generates a lot of log files that are not automatically removed.)

  • Distribution Summary
    This section displays data for online clients only. It displays data for GUPs and Windows clients that have the latest Virus/Spyware and IPS content.


  • Virus/Spyware online and out-of-date by Network/Client Group
    This section displays data for online clients that do not have the latest Virus/Spyware content. The user can display the data by network or by SEPM group, and can also export the entire data set. These actions are available through the corresponding icons at the top right corner of this section. The number of rows displayed can be configured with the Out-of-date client view setting.


  • IPS online and out-of-date by Network/Client Group
    This section displays data for online clients that do not have the latest IPS content. The user can display the data by network or by SEPM group, and can also export the entire data set. These actions are available through the corresponding icons at the top right corner of this section. The number of rows displayed can be configured with the Out-of-date client view setting.

  • Potential Content load issues
    This section displays the total number of clients that have low disk space or missing/corrupted content. Low disk space is based on the configured Low Disk Space threshold. The user can also export the client data by clicking the export icon(s) in the last column of the table.

  • Operational status of all GUPs
    This section displays information for all the GUPs. The user can toggle the display between all GUPs and only abnormal GUPs, and can also export the entire data set. These actions are available through the corresponding icons at the top right corner of this section.

4) Site Information
 This displays the Throughput data for all the servers in the local site. It also displays the throughput sampling/average from last heartbeat for all the servers in a site.

5) Database
 This displays the database table name and the corresponding row count. It also displays the oldest replication time across all sites. Purging of old data in the database is dependent on this time. 

6) Troubleshooting
 The debug log is SEPM_INSTALL\tomcat\logs\SepmMonitor.log. It contains all the log data related to the SEPM Monitor.