I am currently trialling HostMonitor and so far am blown away by how well it works. I had previously written a spec for a small business Windows monitoring system, and HM comes very close to what I was thinking of getting developed, and it's affordable too!
Anyway, I was wondering if anyone can let me know whether it can be used to monitor a Symantec Endpoint Protection server and report on things like a virus found on a managed client, definitions out of date on a client, etc.
I am hoping that perhaps it can be accessed via SNMP, if not via some VB code? I am a complete SNMP newbie and get confused even monitoring a basic device, so I have printed out a dummies guide. But if someone has some instructions for monitoring SEP management servers, that would be fantastic.
Symantec Endpoint Protection monitoring
The virus definitions timestamp can be checked by a VBScript like the following:
==========================
const statusUnknown = "Unknown:"
const statusOk = "Ok:"
const statusBad = "Bad:"
FUNCTION PerformTest()
const HKEY_LOCAL_MACHINE = &H80000002
Dim iDayDiff, strComputer, oReg, strKeyPath, strValueName, strValue
Dim aYear, aMon, aDay, aDate, strLastUpd
'Set Bad status when virus definitions older than iDayDiff
iDayDiff = 7
'Name of the system where antivirus is installed
strComputer = "servername"
'Connect to the remote registry provider; report Unknown (not Bad) when WMI itself is unreachable
On Error Resume Next
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
if Err.Number <> 0 then
  PerformTest = statusUnknown & "Cannot connect to WMI on " & strComputer & ": " & Err.Description
  Exit Function
end if
strKeyPath = "SOFTWARE\Symantec\Symantec Endpoint Protection\Content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
strValueName = "CurrentSequenceNum"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
'GetStringValue leaves strValue Null when the key or value is missing, so test for Null as well as ""
if Err.Number = 0 and Not IsNull(strValue) and strValue <> "" then
  'The sequence number starts with the definition date (year, month, day) followed by a revision.
  'The posted decoding assumes a one-digit year (2009 -> "9"), which breaks from 2010 on;
  'a 9-digit value is assumed to carry a two-digit year ("10" for 2010), so both forms are handled.
  if Len(strValue) >= 9 then
    aYear = "20" & Left(strValue, 2)
    aMon = Mid(strValue, 3, 2)
    aDay = Mid(strValue, 5, 2)
  else
    aYear = "200" & Left(strValue, 1)
    aMon = Mid(strValue, 2, 2)
    aDay = Mid(strValue, 4, 2)
  end if
  aDate = DateSerial(aYear, aMon, aDay)
  if Err.Number <> 0 then
    PerformTest = statusUnknown & "Cannot parse definitions sequence number: " & strValue
    Exit Function
  end if
  strLastUpd = "Last definitions update date: " & aDate
  if DateDiff("d", aDate, Date) <= iDayDiff then
    PerformTest = statusOk & strLastUpd
  else
    PerformTest = statusBad & strLastUpd
  end if
else
  PerformTest = statusUnknown & "Unable to obtain last definitions update timestamp from the registry"
end if
END FUNCTION
==========================
The script can be executed by the Active Script test method:
http://www.ks-soft.net/hostmon.eng/mfra ... htm#script
Also, as far as I know, Symantec Endpoint Protection can send SNMP Trap messages on some events. Unfortunately I cannot find a detailed description of this feature. I assume you have the manual that comes with Endpoint Protection?
If you can set up Endpoint Protection to send SNMP Trap messages, then you may use HostMonitor to receive them. Just set up an SNMP Trap test item:
http://www.ks-soft.net/hostmon.eng/mfra ... m#snmptrap
Regards
Alex
http://www.norton-soft.com/symantec-endpoint-protection
=====================
Symantec AntiVirus 10.2 supports many clients and is available on various platforms, including Linux. The system offers a wide range of alerting options including email messages, broadcast messages and SNMP traps. It enables the administrator to launch a program when a specific event occurs and is easily manageable and configurable.
=====================
On the other hand
http://www.symantec.com/connect/forums/ ... snmp-traps
=====================
I believe SAV used a snap-in for traps which isn't available for the SEPM. As far as I know the only thing you can do with the SEPM is email reports/alerts.
=====================
Looks like we have to ask the Symantec support team... They must know how it works.
BTW: It's the wrong forum for such a discussion. Please use the "Wish list" forum when you need some new option to be added to our software.
Regards
Alex
Thanks, so far it's not looking promising for SNMP with SEPM.
As for wish list, didn't know it was a wish list item until I asked about it:)
If the only way to monitor it is to keep an eye on email alerts, is there a way for HM to parse emails for information or will this have to be done with an external script or app? Sorry still coming to grips with everything that HM can do and how it works.
Looks like the best method for SEPM monitoring is the NT Event Log test method:
http://www.ks-soft.net/hostmon.eng/mfra ... m#chkNTLog
Symantec Endpoint Protection records events into the system event log: http://service1.symantec.com:80/SUPPORT ... m_out=prod
Regards
Alex
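The event log approach recommended above can also be done as an Active Script test, in the same shape as the registry script earlier in the thread, which gives control over which source and event types produce a Bad status and what the status text says. This is an added example, not code from the thread, from KS-Soft or from Symantec. The event source name "Symantec AntiVirus", the Application log, and the assumption that detections are written as Error or Warning events are not stated on this page and must be checked in Event Viewer against the Symantec document linked above; adjust strSource, strLog and iMaxType to what you find there.

```vbscript
' Added example (not from the original thread): HostMonitor Active Script test that
' returns Bad when Symantec Endpoint Protection has written an Error/Warning event
' to the Application log on strComputer within the last iMinutes.
' ASSUMED values: strSource, strLog and the Error/Warning filter. Verify them in Event Viewer.
const statusUnknown = "Unknown:"
const statusOk = "Ok:"
const statusBad = "Bad:"

FUNCTION PerformTest()
    Dim strComputer, strSource, strLog, iMinutes, iMaxType
    Dim oWMI, oDT, colEvents, oEvent, iCount, strLatest, strLastMsg, strQuery

    strComputer = "servername"          ' host running SEP (client or SEPM)
    strSource   = "Symantec AntiVirus"  ' ASSUMPTION: event source name, verify in Event Viewer
    strLog      = "Application"         ' ASSUMPTION: log name, verify in Event Viewer
    iMinutes    = 15                    ' look-back window; make it equal to the test interval
    iMaxType    = 2                     ' EventType 1 = Error, 2 = Warning, 3 = Information

    On Error Resume Next
    Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    If Err.Number <> 0 Then
        ' Unreachable WMI is a monitoring problem, not an antivirus event: report Unknown, not Bad
        PerformTest = statusUnknown & "WMI connection to " & strComputer & " failed: " & Err.Description
        Exit Function
    End If

    ' WQL compares CIM_DATETIME values, so convert the local cut-off time to DMTF format
    ' (yyyymmddHHMMSS.ffffff+UTCoffset) with the scripting helper instead of hand-padding digits
    Set oDT = CreateObject("WbemScripting.SWbemDateTime")
    oDT.SetVarDate DateAdd("n", -iMinutes, Now), True

    strQuery = "SELECT EventCode, EventType, TimeWritten, Message FROM Win32_NTLogEvent " & _
               "WHERE Logfile='" & strLog & "' AND SourceName='" & strSource & "' " & _
               "AND EventType<=" & iMaxType & " AND TimeWritten>'" & oDT.Value & "'"
    Set colEvents = oWMI.ExecQuery(strQuery)
    If Err.Number <> 0 Then
        PerformTest = statusUnknown & "Event log query failed: " & Err.Description
        Exit Function
    End If

    iCount = 0
    strLatest = ""
    strLastMsg = ""
    For Each oEvent In colEvents
        iCount = iCount + 1
        ' ExecQuery does not guarantee ordering; DMTF strings from one host sort chronologically
        If oEvent.TimeWritten > strLatest Then
            strLatest = oEvent.TimeWritten
            ' keep only the first line of the message so the status text stays readable
            strLastMsg = "event " & oEvent.EventCode & ": " & Split(oEvent.Message & vbCrLf, vbCrLf)(0)
        End If
    Next

    If iCount = 0 Then
        PerformTest = statusOk & "No " & strSource & " error/warning events in the last " & iMinutes & " min"
    Else
        PerformTest = statusBad & iCount & " " & strSource & " event(s) in the last " & iMinutes & _
                      " min; latest " & strLastMsg
    End If
END FUNCTION
```

The account HostMonitor runs the test under needs remote WMI and event log read rights on strComputer. Setting iMinutes to the test interval means each event is counted exactly once; a larger window keeps the test Bad for several cycles, which is sometimes what you want for a virus detection. If all you need is "any event from this source", the built-in NT Event Log test linked above is the lighter option; the script form is for when the message text or event code should shape the status.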