Archive

Symantec EndPoint version

Communicator

Hi, anyone here collecting Symantec Endpoint (SEP) logs? I've been trying out the Symantec App but I don't find any of the logs showing me the version of the SEP agent of a certain device. Any tweaking needed on Symantec? Testing on SEP11. Appreciate any assitance.

Tags (1)
0 Karma

Engager

What you can do is to create an HI policy and create a HI policy item to log this information and then it will be sent to Splunk.

0 Karma

New Member

Hi,

I am Chetan Savade from Symantec Technical Support team.

I would be glad to answer your question.

You can check SEP client version details in the Symantec Endpoint Protection Manager (SEPM) if it's installed.
If it's a individual SEP client then can with this way

1) Open the Symantec Endpoint Protection client GUI
2) Click on 'Help' & select About and it would show the version of SEP client.

All SEP releases info is available here: http://bit.ly/m0vOJp

Let me know if you are looking for any other info.

Regards,
Chetan Savade

0 Karma

Communicator

Hi Chetan, as mentioned to your colleague Mithun, I'm looking at having the agent version and virus definition installed data in Splunk.

0 Karma

Communicator

I am also looking virus defination information logs in splunk.

0 Karma

New Member

Hello,

This is Mithun Sanghavi from Symantec Endpoint Protection Technical Support Team.

You can check the Symantec Endpoint Protection by following steps:

1) Open the Symantec Endpoint Protection client GUI
2) Click on "Help"
3) Click on "About" and it would show the version of SEP client.

In order to check the logs, you may collect the sylink.log by following the Article below:

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

Once the above logs have been collected, yo can open the same in notepad and check the SEP client version as well.

Hope that helps!!

0 Karma

Communicator

Hi Mithun, I'm looking into having the information at hand in Splunk, not in the SEP GUI. But I think if we can collect the sylink.log, we may be able tp use that to crossmatch the devices. Does sylink.log also include the virus definition installed? Will look into this, thanks.

0 Karma

Explorer

My SEP logs (12.1-RU2) don't contain version on the endpoint either.

What I did to give me similar data on endpoints being out of date is write a query based on the status of the endpoint. Such as:

-The client has downloaded the content package successfully
-The client has downloaded the policy successfully
-The client has downloaded the Intrusion Prevention policy successfully
-The management server received the client log successfully

You may be able to use a different product to tell you the version; I get version information from my NAC solution.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!