You need visibility into which SEP agents, SEPMs or other devices may be downloading content from a LiveUpdate Administrator (LUA).

While there is no location in the LUA UI which provides a list directly, the steps below can be used to generate a list of systems download content from an LUA.

1. Navigate to the path C:\Program Files (x86)\Symantec\LiveUpdate Administrator\tomcat\logs (default path)
2. Open the most recent file named "localhost_access_log.YYYY-MM-DD.txt"

This log contains access requests of the LUA.  It starts by listing the IP of the device that accessed it.  Then the date/time followed by what was requested.  Look for GET requests from the configured distribution center (clu-prod is the default).  An example below with redacted IP address (XXX.XXX.XXX.XXX)

XXX.XXX.XXX.XXX - - [<date>:<time>] "GET /clu-prod/livetri.zip HTTP/1.1" 200 774721

If you see an IP address in that log, it would represent a connection from one of the devices in the following categories:

1. SEPM downloading content
2. SEP agent downloading content
3. The LUAs address (or loopback)
4. IP address of someone logging into the LUAs administrative web portal