Endpoint Protection

 View Only

  • 1.  Configuring SAVFL reporting to the SEPM

    Posted Feb 10, 2012 04:43 AM

    Hello friends,

    Could some one tell me that how can i configure SAVFL for sending reports to the SEPM?

    do reply. Thanks in advance.

    Regards,



  • 2.  RE: Configuring SAVFL reporting to the SEPM

    Posted Feb 10, 2012 05:00 AM

    Hi Outrageous,

    I set up my SAVFL on Ubuntu to forward its logs recently to my SEP 12.1 SEPM, so can pass on some recommended reading and advice. 

    First off: what is your version of SAV for Linux?  (SAVFL)?  If it is a recent version, then the necessary Reporter install package is right on the CD.  SAVFL Reporter is not installed by dfault with SAVFL, but it is straightforward enough to install and configure.  The readme attached to this article has all teh necessary info.

    Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes
    Article: DOC3474 | Created: 2010-12-15 | Updated: 2011-11-01 |
    Article URL http://www.symantec.com/docs/DOC3474 
     

    Next, set up the SEPM:

    How to enable the 12.1 Symantec Endpoint Protection Manager (SEPM) to receive logging from legacy clients.
    Article: TECH157463 | Created: 2011-04-05 | Updated: 2012-01-31 |
    Article URL http://www.symantec.com/docs/TECH157463  
     

    The threat logs, etc from Ubuntu were then seen in my SEPM's reports, and they trigger notifications, etc in case of outbreaks.

    Give it a try - please keep this thread up top date with your progress!

    All the best,

    Mick



  • 3.  RE: Configuring SAVFL reporting to the SEPM

    Posted Feb 10, 2012 05:33 AM

    @Mick thanks...i've SAVFL 12.1 RU1



  • 4.  RE: Configuring SAVFL reporting to the SEPM

    Posted Feb 10, 2012 05:41 AM

    Fantastic - it should work fine.  &: )

    Do let the forum know of any trouble you encounter, or add a quick post if everything goes smoothly!



  • 5.  RE: Configuring SAVFL reporting to the SEPM

    Posted Feb 10, 2012 05:53 AM

    Alright I'll



  • 6.  RE: Configuring SAVFL reporting to the SEPM

    Posted Feb 10, 2012 05:56 AM

    @Mick i was reading the readme file of SAVFL reporter 1.0 in which they have written that it's compatible with SEP 11 but i have SEP 12.1.



  • 7.  RE: Configuring SAVFL reporting to the SEPM

    Posted Feb 10, 2012 06:01 AM

    Yes, that raedme file was written before SEP 12.1 was released.  I can confirm that on SEP 12.1's SEPM it's 100% supported and works.  &: )



  • 8.  RE: Configuring SAVFL reporting to the SEPM

    Posted May 02, 2012 11:36 AM

    Hi Outrageous,

    Just checking if you got SAVFL Reporter working.  The thread is still marked "needs solution."

    All the best,

    Mick



  • 9.  RE: Configuring SAVFL reporting to the SEPM

    Posted May 25, 2012 12:25 PM

    Just adding to this thread the solution to one potential cause of SAVFL Reporter failure:

    Symantec AntiVirus for Linux Reporter Fails to Forward Events, Error "Undefined subroutine.... line 128"
    Article: TECH189759   |  Created: 2012-05-25   |  Updated: 2012-05-25   | 
    Article URL http://www.symantec.com/docs/TECH189759

    Making sure that Perl is up-to-date and contains the correct module packages will enable SAVFL Reporter to function.

    Hope this helps!

    Mick