Checking virus definitions within Kubernetes Connector Pods running Symantec Protection Engine 9

Article ID: 381497

Products

Protection Engine for Cloud Services

Issue/Introduction

Running Symantec Protection Engine (SPE) in an Azure/Kubernetes environment is very different from the normal on-premises configurations. Identifying which virus definition versions exist in the pod is difficult if there is no management console to pull the information and display it.

How can virus definition versions be accessed and/or examined manually?

Environment

Protection Engine 9.2

Resolution

Accessing virus definition versions
 
The SPE report.xml file contains SPE statistics, including the virus definitions received via the LiveUpdate process. report.xml can also be found on the Persistent Volume at the following location:
<mount_point>/spe-data/container/<pod name>/log/report.xml

Steps to check the LiveUpdate definition version using the Persistent Volume (no need to log in to the pod):
1. Navigate to the following location on the Persistent Volume:
PV - <mount_point>/spe-data/container
2. Run the following command:
grep -r "<AntiVirus DefinitionDate=" | grep log/report.xml

 

The previous command shows the AntiVirus definition entries from the logs of all containers present on the PV.

Sample output of the above command:
/mount/speazureconnectorstorage/speazurepv/spe-data/container$ grep -r "<AntiVirus DefinitionDate=" | grep log/report.xml
spedemo-specs-79fcfffd8d-hwsx6/log/report.xml:          <AntiVirus DefinitionDate="Wed Nov  6 2024" version="20241106.026"/>
NOTE: Only the report.xml of active pods should be referred to, because the command output also includes the report.xml of terminated pods. The list of active pods can be fetched from the cluster with the command "kubectl get pods".
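
The steps and the NOTE above can be combined into one check. The shell function below is an added example, not part of the original article or of any Symantec tooling: it reads each report.xml under the container directory, skips pods that are not in the active list, and marks active pods whose definitions lag behind the newest version seen. The names spe_defs and spe_defs_demo, the status labels, the optional active-pods file (one name per line) and the sample data are assumptions made for illustration; the ordering relies on the YYYYMMDD.NNN version format seen in the sample output.

```shell
#!/bin/sh
# Added example. Usage: spe_defs CONTAINER_DIR [ACTIVE_PODS_FILE]
# Prints "<pod> <definition version> <CURRENT|BEHIND|NO_DEFS>" for active pods only.
spe_defs() (
  dir=${1%/}
  if [ -n "${2:-}" ]; then
    pods=$(cat "$2")   # assumed format: one active pod name per line
  else
    # Pod names from the current namespace of the current kubectl context.
    pods=$(kubectl get pods -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}')
  fi
  rows=$(
    for f in "$dir"/*/log/report.xml; do
      [ -f "$f" ] || continue
      pod=${f#"$dir"/}; pod=${pod%%/*}
      # Ignore report.xml files left on the PV by terminated pods.
      printf '%s\n' "$pods" | grep -qxF -- "$pod" || continue
      ver=$(sed -n 's/.*<AntiVirus DefinitionDate="[^"]*" version="\([^"]*\)".*/\1/p' "$f" | tail -n 1)
      printf '%s %s\n' "$pod" "${ver:-none}"
    done
  )
  # Assumption: versions are YYYYMMDD.NNN, so a plain sort puts the newest last.
  newest=$(printf '%s\n' "$rows" | awk '$2 != "none" { print $2 }' | sort | tail -n 1)
  printf '%s\n' "$rows" | awk -v newest="$newest" 'NF {
    s = ($2 == "none") ? "NO_DEFS" : ((($2 "") == (newest "")) ? "CURRENT" : "BEHIND")
    print $1, $2, s }'
)

# Constructed sample data: four pod directories, one belonging to a terminated pod.
spe_defs_demo() (
  tmp=$(mktemp -d) || exit 1
  trap 'rm -rf "$tmp"' EXIT
  mk() { mkdir -p "$tmp/pv/$1/log"; printf '%s\n' "$2" > "$tmp/pv/$1/log/report.xml"; }
  mk spe-a   '  <AntiVirus DefinitionDate="Wed Nov  6 2024" version="20241106.026"/>'
  mk spe-b   '  <AntiVirus DefinitionDate="Mon Nov  4 2024" version="20241104.003"/>'
  mk spe-old '  <AntiVirus DefinitionDate="Tue Oct  1 2024" version="20241001.010"/>'
  mk spe-c   '  <Statistics/>'   # constructed report with no AntiVirus element
  printf 'spe-a\nspe-b\nspe-c\n' > "$tmp/active"
  spe_defs "$tmp/pv" "$tmp/active"
)
```

A pod reported as BEHIND or NO_DEFS is the one whose LiveUpdate status needs a closer look; run spe_defs against <mount_point>/spe-data/container to check a real volume.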