I am not getting evidence from traveled laptops to our ePO.
Hope for a positive response.
I presume you mean that the travel laptops are not checking in with ePO and reporting status.
Set up an Agent Handler in your DMZ. Check the ePO documentation on Agent Handlers; it has good directions.
Works very well.
Thanks Herb. Will definitely try the same.
Till then I would like to describe my problem more precisely for our future discussions.
There are 2 cases wherein I am facing issues:
1. The laptops, when connected to the internal network after travel (say from 01-03-2012 to 29-03-2012), give the logs of those 30 days but not the evidence (e.g. we get the path or which file it is, but not the content of that file) as we get from online machines.
2. A few users are based overseas, like RSMs or Sales Managers, who never get connected to our network. We have VPN services through which we can enable the systems to send the events from outside networks to our ePO server, but it is the same issue: we are not able to get the evidence.
Are you trying to pull the logs on the local machine back to the server? The logs in ........\commonframework\. Why? ePO will monitor the status for you. It can be configured to send you alerts when bad things happen. Do your management from ePO.
Thanks for the reply.
Our Endpoint is working absolutely fine for internal users. The only concern is about our external users who are never connected to our internal network, and those who are on travel, whose laptops are handed over to IT/us after the travel.
So as of now, evidence from travel laptops is OK for us; the only concern is for overseas users.
We'll try to set up through the DMZ and let's see if we can get the evidence as well for overseas employees.
There are 2 things that are generated when users' actions are blocked:
- Evidence. It's replicated to the server through CIFS and it needs a separate port configured. Also, if they are on the internet and the server is in the DMZ, they probably can't write to the internal network location for evidence replication if the path is something like \\server.domain.local\evidence$, because (1) nobody will resolve that hostname and (2) it's probably an internal IP.
- Events. Sent to the server through normal agent sync. Easy to set up in the DMZ.
PS: Check in the DLP policy under agent configuration for Evidence retention settings. By default it deletes the evidence after 20 days if it's not replicated to the evidence share.
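The two failure conditions named in the last reply (the share hostname does not resolve, or it resolves to an internal address) can be checked from a laptop while it is off the corporate network. The script below is an added example, not part of the original thread or of any McAfee tooling; it assumes evidence is written over CIFS/SMB on TCP 445, and the function names and the sample UNC path (taken from the reply) are illustrative.

```python
import ipaddress
import socket

SMB_PORT = 445  # CIFS/SMB over TCP (assumed transport for the evidence share)

def unc_host(unc_path):
    """Return the server part of a UNC path such as \\\\server\\share."""
    if not unc_path.startswith("\\\\"):
        raise ValueError("not a UNC path: %r" % unc_path)
    host = unc_path[2:].split("\\", 1)[0]
    if not host:
        raise ValueError("UNC path has no server name")
    return host

def system_resolve(host):
    """Resolve with the OS resolver; return [] when the name is unknown."""
    try:
        infos = socket.getaddrinfo(host, SMB_PORT, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def port_open(addr, port=SMB_PORT, timeout=3.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_evidence_share(unc_path, resolve=system_resolve, probe=port_open):
    """Classify why a client can or cannot reach the evidence share."""
    host = unc_host(unc_path)
    addrs = resolve(host)
    if not addrs:
        # Case (1) from the reply: the name only exists in internal DNS.
        return {"host": host, "status": "unresolvable", "addresses": []}
    internal = [a for a in addrs if ipaddress.ip_address(a).is_private]
    if any(probe(a) for a in addrs):
        status = "reachable"
    elif internal:
        # Case (2): the name resolves, but to an address not routable from outside.
        status = "internal-address-unreachable"
    else:
        status = "port-blocked"
    return {"host": host, "status": status, "addresses": addrs}

if __name__ == "__main__":
    print(check_evidence_share(r"\\server.domain.local\evidence$"))
```

Any status other than `reachable` means evidence stays queued on the laptop, where the retention setting mentioned in the PS applies.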