Endpoint Protection


Automated pull of statistics

  • 1.  Automated pull of statistics

    Posted Dec 09, 2009 07:06 PM
    I would like to automate the pull of SEP client data for our domain to be processed by a monitoring system that we are building. Basically, if we are able to automate the pulling of the inventory export CSV, we could use that in our system. I've tried going to http://server/Reporting/inventory/export_inventory.php; it asks me to log in and then goes to the home page. We are looking at a Windows server with .NET to retrieve this information and process it. I have no access to the SEP servers to install anything. I am only an administrator over one domain in SEP. Is there some service that we can hook into that would give this information a bit easier? We can create a generic service account and pass in auth requests before requesting the information; we just need to know how to get to the data programmatically.

    Any ideas or thoughts are welcome.

    Thanks,
    Robert LeBlanc
    Brigham Young University



  • 2.  RE: Automated pull of statistics

    Posted Dec 10, 2009 11:41 PM
    In this case your administrator can create a limited account for you wherein you only have the right to pull the reports after logging in to any of the SEPM consoles. Then you can log in to any of the SEPM consoles remotely and do the needful.

    How to log on to the Symantec Endpoint Protection Manager Console remotely

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008020815065948


  • 3.  RE: Automated pull of statistics

    Posted Dec 11, 2009 11:53 AM
    Thanks, however I don't believe this helps me do this programmatically. I am an administrator in our domain, so I'm sure I could create a dummy user for this purpose. I want a server to pull this report, not a user having to do it interactively. The only way I can use the management tools is remotely so I'm aware of that process. If you have any other ideas, I'd be glad to hear them. I've been pounding my head against the wall on this one.

    Thanks,
    Robert LeBlanc


  • 4.  RE: Automated pull of statistics

    Posted Dec 11, 2009 01:00 PM
    Is the SEPM syslog function/feature an option in your environment?

    You may also be able to use the SEPM Log Collecting Tool, but it may not pull all the data that you need:
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/1f0bfab84d364189882574c8008236a6?OpenDocument


  • 5.  RE: Automated pull of statistics

    Posted Dec 11, 2009 07:22 PM
    I can't seem to find the Log Collecting Tool. Can you give me a reference to the download? It sounds promising so I'd like to try it.


  • 6.  RE: Automated pull of statistics

    Posted Dec 11, 2009 07:27 PM
    I found it on one of our old servers. We will not be using these any more and I won't have access to the new server. From looking at the script, it looks like it is just copying files from different directories. I need to be able to do this from another machine without admin access to the server. Can the Log Collecting Tool do this remotely?

    Thanks,
    Robert


  • 7.  RE: Automated pull of statistics

    Posted Dec 11, 2009 10:41 PM
    collectlog.cmd collects logs for troubleshooting purposes. Do you want to collect those logs remotely?


  • 8.  RE: Automated pull of statistics

    Posted Dec 12, 2009 03:22 AM
    Unlike SAV, SEP keeps its data (including client logs) in the database (Embedded or SQL).
    If you want to get some data from that, you have to run a query against that database.
    The doc below will give a picture of the database schema:
    Symantec™ Endpoint Protection Database Schema Reference Guide

    Refer to the discussion below also:
    Is THIS the very latest schema reference???

    ---------------------------------------------------------------------------------------------------------------------
    The doc below will give some information about the event log entries which are created by SEP:
    Symantec Endpoint Protection 11.x event log entries
    Is it helpful to you?


  • 9.  RE: Automated pull of statistics

    Posted Dec 12, 2009 07:39 AM
    This can be another option for you:
    Connecting Altiris Reports to SEP 11 Data


  • 10.  RE: Automated pull of statistics

    Posted Dec 14, 2009 10:49 AM
    I'm not sure if the logs are exactly what I want, it was a suggestion that I was looking at. What I think I do want is the inventory CSV file and this is how I can get it manually.

    Open up Internet Explorer (Firefox does not seem to work), enter http://myavserver.domain.com:8014/Reporting
    Log in using a user from my domain
    Click on the Logs tab
    For Log Type, select Computer Status then click the View Log button
    In the next window, click Export

    That gets me a CSV file with all our client status in it. From that, I can put that in a database and build graphs that we are interested in for our monitoring program.

    I don't have access to change anything on the server, so if this process can be automated using wget, curl or whatever, that would be best. We can set up a service type account for the automation service to authenticate to the SEP servers. If I really need to, I might be able to convince the server maintainers to put an additional PHP file that would help, but they will not alter an existing file.

    I highly doubt that they will give me SQL access, as then I would be able to look into any other domain, and they don't like that very much.

    I hope that clears up the question a little better.

    Thanks,
    Robert LeBlanc
    Brigham Young University
    Life Sciences & Undergraduate Education Computer Support


  • 11.  RE: Automated pull of statistics

    Posted Dec 14, 2009 10:52 AM
    This is another good thought, however I don't think I will be given SQL access to the server. I think SQL access would grant me read access on all domains, and the server maintainer will frown on that. I've responded to an earlier question with some more details. Hopefully you may have some additional ideas to try.

    Thanks,
    Robert LeBlanc
    Brigham Young University
    Life Sciences & Undergraduate Education Computer Support


  • 12.  RE: Automated pull of statistics

    Posted Dec 14, 2009 12:31 PM


  • 13.  RE: Automated pull of statistics

    Posted Dec 14, 2009 03:43 PM
    So, this is what I'm trying to do, minus the hands-on interactive part. I want a service to do all the dirty work, pull that report, import it into a database and then generate the reports. The only difficult part that I can't seem to get is exporting the data from SEP in a script without having some sort of Admin access to the server. I think I am getting close though. I was able to coax Firefox enough to get me to the page where the export button is, and I've been using the DOM inspector and Web developer plug-in to get me the generated form that it looks like it is posting to create the CSV. If I can automate the login portion to get the session cookies, I think I've got what I need. I'll report back on my findings.

    Thanks,
    Robert LeBlanc


  • 14.  RE: Automated pull of statistics

    Posted Dec 14, 2009 07:05 PM
    Ok, so I was thinking this wouldn't be too bad....until... I looked at the login page and they are running a lot of JavaScript to encrypt the username and password with Blowfish and the session ID. I could rewrite the ~800 lines of code, but that feels like so much of a pain. I might see if I can modify export_inventory.php to give back the contents of my domain and see if the administrator will put it on the server. I wish there was an easier way of getting to this CSV file.


  • 15.  RE: Automated pull of statistics

    Posted Dec 14, 2009 11:17 PM


  • 16.  RE: Automated pull of statistics

    Posted Dec 16, 2009 11:42 AM
    I don't think there is a good way to get this information using a script that is external to the server. I've hacked the page to get the SQL query, trimmed it down a lot and now I am waiting for our server administrator to get back to me to see if we can get this SQL data using a different method (web service, SQL client, etc). The reason I wanted to avoid this is because I have to go through change control, and all the red tape about having a server customized just for our need. I think this is the only way to do it.

    Thanks for all the thoughts.