penoffd
Level 10
Message 1 of 5

Latency (Time Delta) with Symantec EP

We have issues with the data coming into our ELM from the Symantec AV server in that the data has significant latency.  That is, the logs coming in as they're compiled by SEP can be as old as two hours from the actual event time.

I realize this isn't an ELM issue, but an issue with SEP, but all the tinkering I've done so far doesn't seem to help. I'm wondering if any other users have encountered this situation, and if so, how they dealt with it.

Thanks,

Dan

4 Replies
McAfee Employee
Message 2 of 5

Re: Latency (Time Delta) with Symantec EP

Do you know the root cause of the delay?

Do you know if the logs are collected slowly or processed slowly by the AV server?

Are you under the impression that it's operating as intended?

Thanks.

penoffd
Level 10
Message 3 of 5

Re: Latency (Time Delta) with Symantec EP

Thanks for the response, Andy.

From what I can tell and the response we get from Symantec, the logs just take some time to process by the AV server. Otherwise, it appears to be operating as expected.


I'll dig some examples out and post them here for review.


Dan

McAfee Employee
Message 4 of 5

Re: Latency (Time Delta) with Symantec EP

Is this via the SQL parser or ASP? Thanks.

penoffd
Level 10
Message 5 of 5

Re: Latency (Time Delta) with Symantec EP

Symantec Endpoint Protection ASP parser. Here's a shot of the receiver's time deltas for reference.

[Attachment: TimeDelta.JPG]