Focus on Virus
Back to list
RE: Symantec AV reporting metrics.
Jun 09 2006 01:58PM
Ted Senn (ted senn zurichna com)
Installing the reporting server is the start. Unless you have a small
number of clients I would recommend a separate system. The reporting server
is somewhat CPU intensive in my experience.
Each AV server will need to have reporting agents installed on them.
However for testing you can set up the reporting server and only those AV
servers that you want to test with would need the reporting agents
installed. You will need the SAV 10.1 SSC to configure the agents
Yes 10.1 needs to be maintenance patched to 10.1.0.400 and point patched to
<serge.vondandamo@ To: "'Ted Senn'" <ted.senn (at) zurichna (dot) com [email concealed]>
wanadoo.fr> cc: <focus-virus (at) securityfocus (dot) com [email concealed]>, "'sekure'" <sekure (at) gmail (dot) com [email concealed]>
Subject: RE: Symantec AV reporting metrics.
If I understand, I just need to install the 10.1 and the reporting server
one of my primary and that is it?
Is there any eval version of it? I will like to test it on my lab first.
BTW, is the 10.1 affected by the recent Symantec products vulnerability?
De : Ted Senn [mailto:ted.senn (at) zurichna (dot) com [email concealed]]
Envoyé : mardi 6 juin 2006 14:24
À : serge.vondandamo (at) wanadoo (dot) fr [email concealed]
Cc : focus-virus (at) securityfocus (dot) com [email concealed]; 'sekure'
Objet : RE: Symantec AV reporting metrics.
I am running Reporting server without any problem on version 10, and 9
servers. The agent installs and reports back to the reporting server. You
may need a special group with 10.1 for the reporting server only, but the
reporting will work with the lower version AV servers ( agent will not
install on NT systems)
<serge.vondandamo@ To: "'sekure'"
<sekure (at) gmail (dot) com [email concealed]>
<focus-virus (at) securityfocus (dot) com [email concealed]>
Subject: RE: Symantec AV
Sekure and all,
Thanks but we don't have version 10.1 and unfortunately, I have to find a
way to report with the versions we have. I may suggest to upgrade but that
will not be possible now - IT Ops folks and other IS Managers will be
difficult to convince - given the heavy IT Governance and change process we
have in place.
We currently have version 8 in few sites, version 9 and 10 in the majority
of the sites.
Paul, your pointers are more than welcome!!!
De : sekure [mailto:sekure (at) gmail (dot) com [email concealed]]
Envoyé : lundi 5 juin 2006 20:51
À : Serge Vondandamo
Cc : focus-virus (at) securityfocus (dot) com [email concealed]
Objet : Re: Symantec AV reporting metrics.
Symantec Corp AV 10.1 has a reporting server module, which provides
pretty pictures for lots of these metrics.
On 6/3/06, Serge Vondandamo <serge.vondandamo (at) wanadoo (dot) fr [email concealed]> wrote:
> I have been tasked to develop Symantec AV reporting metrics.
> The metrics should help provide visual information (graphs, tables, etc)
> Senior management on weekly, monthly, quarterly and annual basis per
> and WW if needed.
> I am focusing on providing the followings:
> - Number of AV clients per region,
> - Number of AV engines, versions, per region,
> - Information on AV defs per region, frequency of updates, versions of AV
> definitions, age of AV definitions (i.e. two weeks old, two months old,
> old, etc).
> - Status of AV clients per region - i.e. auto-protect enabled or
> threat found, old definitions, etc.
> - Any other information that will be useful for big boss not interested
> technical data.
> I am looking for pointers, idea and suggestion from those who have
> done so; I will not try to re-invent the wheel ;)
> Thanks for your inputs.
> Serge Vondandamo, HND, CISSP, CCNA.
******************* PLEASE NOTE *******************
This E-Mail/telefax message and any documents accompanying this
transmission may contain privileged and/or confidential information and is
intended solely for the addressee(s) named above. If you are not the
intended addressee/recipient, you are hereby notified that any use of,
disclosure, copying, distribution, or reliance on the contents of this
E-Mail/telefax information is strictly prohibited and may result in legal
action against you. Please reply to the sender advising of the error in
transmission and immediately delete/destroy the message and any
accompanying documents. Thank you.
[ reply ]
Copyright 2010, SecurityFocus