Network Security Focus-Virus

RE: Symantec AV reporting metrics.

Subject: RE: Symantec AV reporting metrics.
Date: Fri, 9 Jun 2006 04:30:32 +0200
Paul,

Thanks for sharing with me.
My only concern is that since this will be a recurring activity (weekly,
monthly, etc), doing it manually will be a painful task and may end up
missing deadlines due to incorrect data, etc.

I had better start thinking about the 10.1 Reporting Servers for
automation.

Thanks,
Serge



-----Original Message-----
From: paul@murgatroyd.org.uk [mailto:paul@murgatroyd.org.uk]
Sent: Monday 5 June 2006 23:21
To: serge.vondandamo@wanadoo.fr; focus-virus@securityfocus.com
Subject: RE: Symantec AV reporting metrics.

Apologies for the delay in replying... I was on my way home!

We have seen customers use many ways to get information out of our log
files; I've seen some quite useful information extracted using Microsoft's
Log Parser tool (and could possibly get hold of some scripts).

What you will need if you want to go the manual route, however, is this link:
http://service1.symantec.com/SUPPORT/ent-security.nsf/0/57757c1d149130b788256c760069f7f7?OpenDocument

It tells you exactly what the contents of the log file are, what each field
means and how it is stored - the key point is that the date is stored in
hex, and corresponds to the date since 1970.

However, as reporting has been a big concern for a lot of our customers, we
have recently released SAV 10.1 which now includes a Reporter tool which is
also backwards compatible with the previous versions.  Before people slate
me for trying to sell more product, if you already have either Gold or
Platinum support, you should be able to get SAV 10.1 for free as part of
your maintenance contract.  In order to get Reporting working, you only need
to install the Reporting server onto one server and install agents onto your
remaining Primary servers.  (If you only have one Primary, you can still
install the Reporting server onto it without a problem).

In terms of commercially available products, Sawmill have a couple of
modules now for interpreting our log files and they work very well indeed.

There is of course our SSIM product, but for pure AV log monitoring they
really are overkill (and expensive) unless you are talking about a serious
amount of data!

I do hope that helps to some extent, if you have any other questions (I am
sure there will be!) please feel free to ask (or flame!)

p.

-------- Original Message --------
From: "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
To: <paul@murgatroyd.org.uk>, <focus-virus@securityfocus.com>
Subject: RE: Symantec AV reporting metrics.
Date: Mon, 5 Jun 2006 20:11:14 +0200

Hi Paul,

Versions 9 and 10.

Thanks,

Serge

  _____  

From: paul@murgatroyd.org.uk [mailto:paul@murgatroyd.org.uk]
Sent: Monday 5 June 2006 16:52
To: serge.vondandamo@wanadoo.fr; focus-virus@securityfocus.com
Subject: re: Symantec AV reporting metrics.

what version of SAV are you running?

Depending on version I can give you ideas on several different reporting
solutions.

I'm not trying to sell our products or services... just want to let you
know what's available if you don't want to do this the hard way.

Paul Murgatroyd
Symantec Professional Services

  _____  

From: "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
Sent: Monday, June 05, 2006 2:32 PM
To: focus-virus@securityfocus.com
Subject: Symantec AV reporting metrics.

All,

I have been tasked to develop Symantec AV reporting metrics.
The metrics should help provide visual information (graphs, tables, etc)
to senior management on a weekly, monthly, quarterly and annual basis per
region and WW if needed.

I am focusing on providing the following:

- Number of AV clients per region,
- Number of AV engines, versions, per region,
- Information on AV defs per region, frequency of updates, versions of AV
definitions, age of AV definitions (i.e. two weeks old, two months old,
very old, etc).
- Status of AV clients per region - i.e. auto-protect enabled or disabled,
threat found, old definitions, etc.
- Any other information that will be useful for the big boss, who is not
interested in technical data.


I am looking for pointers, ideas and suggestions from those who have already
done so; I will not try to re-invent the wheel ;)

Thanks for your inputs.

Regards,
Serge Vondandamo, HND, CISSP, CCNA. 
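The thread asks for the metrics in the list above (clients per region, engines per region, definition age buckets, auto-protect and threat status) and notes that the Symantec log date field is stored in hex relative to 1970. The script below is an added example written for this page; it is not code from the thread, from Symantec or from any product mentioned here. Everything in it is constructed: the six-field comma-separated record layout, the hostnames, regions and version strings, the reference date, and the age thresholds. The date decoder treats the hex field as Unix epoch seconds written in hexadecimal, which is one reading of the thread's "stored in hex ... since 1970" and must be checked against the Symantec field description linked above before the code is pointed at real logs.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample inventory (not real data): one client per line.
# Fields: hostname,region,engine_version,defs_date_hex,autoprotect(1/0),threats_found
SAMPLE_INVENTORY = """\
ws-paris-01,EMEA,10.1,44837400,1,0
ws-paris-02,EMEA,9.0,447B8B00,0,2
srv-nyc-01,AMER,10.1,44837400,1,0
ws-nyc-07,AMER,10.0,444EB800,1,0
ws-tokyo-03,APAC,9.0,43FF9E00,1,1
"""

# Reporting reference date (constructed): the day the last reply in the thread was sent.
AS_OF = datetime(2006, 6, 9, tzinfo=timezone.utc)

# Definition-age buckets in days, phrased the way the original request phrases them.
AGE_BUCKETS = [(7, "under 1 week"), (14, "1 to 2 weeks"), (60, "2 weeks to 2 months")]
OLDEST_BUCKET = "over 2 months (very old)"
STALE_AFTER_DAYS = 14  # definitions older than this are reported as "old definitions"


def decode_hex_date(hex_field: str) -> datetime:
    """Decode the hex date field.

    ASSUMPTION: the thread only says the date is "stored in hex" and "corresponds
    to the date since 1970"; this reads it as Unix epoch seconds in hexadecimal.
    Confirm against Symantec's own field description before using on real logs.
    """
    return datetime.fromtimestamp(int(hex_field, 16), tz=timezone.utc)


def age_bucket(age_days: int) -> str:
    """Map a definition age in days onto the management-facing bucket labels."""
    for limit, label in AGE_BUCKETS:
        if age_days < limit:
            return label
    return OLDEST_BUCKET


def parse_inventory(text: str) -> list:
    """Parse the constructed record layout; malformed rows are skipped, not guessed at."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",")
        if len(parts) != 6:
            # A wrong figure in a management report is worse than a gap, so report and skip.
            print(f"line {lineno}: expected 6 fields, got {len(parts)}; skipped")
            continue
        host, region, engine, defs_hex, autoprotect, threats = parts
        try:
            defs_date = decode_hex_date(defs_hex)
        except ValueError:
            print(f"line {lineno}: bad hex date {defs_hex!r}; skipped")
            continue
        records.append({
            "host": host, "region": region, "engine": engine,
            "defs_date": defs_date,
            "defs_age_days": (AS_OF - defs_date).days,
            "autoprotect": autoprotect == "1",
            "threats": int(threats),
        })
    return records


def build_metrics(records: list) -> dict:
    """Roll the per-client records up into the per-region counts the request lists."""
    clients = Counter()
    engines = defaultdict(Counter)
    def_age = defaultdict(Counter)
    status = defaultdict(Counter)
    for r in records:
        region = r["region"]
        clients[region] += 1
        engines[region][r["engine"]] += 1
        def_age[region][age_bucket(r["defs_age_days"])] += 1
        if not r["autoprotect"]:
            status[region]["autoprotect_disabled"] += 1
        if r["threats"] > 0:
            status[region]["threat_found"] += 1
        if r["defs_age_days"] > STALE_AFTER_DAYS:
            status[region]["old_definitions"] += 1
    return {
        "clients_per_region": dict(clients),
        "engines_per_region": {k: dict(v) for k, v in engines.items()},
        "definition_age_per_region": {k: dict(v) for k, v in def_age.items()},
        "status_per_region": {k: dict(v) for k, v in status.items()},
    }


if __name__ == "__main__":
    import json
    metrics = build_metrics(parse_inventory(SAMPLE_INVENTORY))
    print(json.dumps(metrics, indent=2, sort_keys=True))
```

Run as a script it prints the rolled-up metrics as JSON, which is the shape a charting step would consume for the weekly or monthly graphs the request describes. Keeping `decode_hex_date` as a single small function is deliberate: it is the one place that encodes an assumption about the log format, so once the real field layout has been confirmed from the Symantec document it is the only function that needs to change.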