Can someone tell me what information i can get by choosing the below logging

Logs > System > client server activity > downloaded content package

 

I believe it gives the list of machines that downloaded full package / delta defs from the SEPM. Is that right?

 

Is there another logging available that gives us the list of machines pointing to GUP , i.e downloads only the definitions information (index) from SEPM and goes to GUP for definition updates.

 

Were there any improvements made in this part in RU7 that could cause a difference in the results?

Yes

you can see that report under client server activity

if the client downloaded from gup u will see that info.

 

How to determine what content SEP 12.1 clients are downloading from a GUP?

http://www.symantec.com/business/support/index?page=content&id=TECH188574

improvements can be seen from release notes.

http://www.symantec.com/business/support/index?page=content&id=TECH199676

check these links How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs) http://www.symantec.com/business/support/index?page=content&id=TECH97190 SEP 12.1 How can we check which content SEP 12.1 clients are downloading from GUP? https://www-secure.symantec.com/connect/articles/how-can-we-check-which-content-sep-121-clients-are-downloading-gup

I should clarify that the SEPM is RU7 & clients are RU 5 & RU7

I am actually more concerned about the resulting logs rather than the issue. We are pretty sure that the machines are acting as per they are configured. Its just that the reports are not correct (possibly).

in RU7 you need to enable sylink log to check if clients are getting updates from SEPM

and there is no report which lists the total number of gups in your environment.

 

HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint
Protection\LiveUpdate.

Check the settings for the following keys:

■ UseLiveUpdateServer
If this key is set to 1, the client uses an internal LiveUpdate server or Symantec LiveUpdate directly.

■ UseManagementServer
If this key is set to 1, the client uses the management server.

■ UseMasterClient
If this key is set to 1, the client uses a group update provider.

https://www-secure.symantec.com/connect/forums/how-verify-sep-are-updated-gup

Hello,

Check this Article:

Where does the SEPM show that SEP 12.1 clients are downloading content from GUPs?

http://www.symantec.com/docs/TECH187283

Client-Server Activity provide information items such as event time and event type; the domain, site, and server involved; client; and user name.

Logs > System > Client server activity > Downloaded content package 

gives information on content downloaded. Here is the Symantec definition of "content": http://www.symantec.com/docs/HOWTO26837

About the information in the System reports and logs

http://www.symantec.com/docs/HOWTO27546

An Idea in Existence: https://www-secure.symantec.com/connect/ideas/enhance-client-server-activity-reports-sepm

Hope that helps!!

Hi Mithun,

The information was relevant, but i need something more.
 

Client-Server Activity log

Use this log to look at all the client activity that takes place for a specific server.

For example, you can use this log to look at the following items:

• Successful and unsuccessful policy downloads

• Client connections to the server

• Server registrations

 

The other link says it will give information about full definition downloads instead of the delta. Is that what we get from the mentioned logs? I was told by a Symantec tech that the output is the list of all clients connecting to SEPM (irrespective of delta or full definition downloads)

 

Appreciate the help.

Hello,

The Symantec Technician is correct. However, I am sure you may have a suggestion for these logs to provide more information.

There is already an IDEA on this at place. 

https://www-secure.symantec.com/connect/ideas/enhance-client-server-activity-reports-sepm

Let's promote it.

Thanks Mithun. this should do.