Server & Application Monitor

Symantec Endpoint Protection Server 12.1.x

Symantec Endpoint Protection Server 12.1.x.apm-template

This template allows you to monitor Symantec Endpoint Protection Server 12.1.x services and major TCP ports.

Prerequisites: WMI access to target server.

Credentials: Administrator on target server.

Monitored Components

Service: Symantec Embedded Database

This monitor returns the CPU and memory usage of the Symantec Embedded Database service. This service is responsible for the embedded database used by the Symantec Endpoint Protection Manager.

Service: Symantec Endpoint Protection Manager

This monitor returns the CPU and memory usage of the Symantec Endpoint Protection Manager service. This service is responsible for the application server which communicates with the Symantec Endpoint Protection Manager, Symantec Protection clients, and database.

Service: Symantec Endpoint Protection Manager Webserver

This monitor returns the CPU and memory usage of the Symantec Endpoint Protection Manager Webserver service. This service allows you to communicate with the SEPM manager using a web interface.

TCP Port: Server

This component monitor tests the ability of a Symantec SEP Server to accept incoming sessions. This port is used in HTTPS communication between a remote management console and the Symantec Endpoint Protection Manager. All login information and administrative communication takes place using this secure port. By default it monitors TCP port 8443.

TCP Port: Web Console

This component monitor tests the ability of a Symantec Web Console to accept incoming sessions. This port is used in initial HTTP communication between a remote management console and the Symantec Endpoint Protection Manager (to display the login screen only). By default it monitors TCP port 9090.

TCP Port: Client Communication

This component monitor tests the ability of a Symantec Server to accept information from clients. This port is used in communication between the Symantec Endpoint Protection Manager and Symantec Endpoint Protection clients and Enforcers. By default it monitors TCP port 8014.

TCP Port: Protection Web Center

This component monitor tests the ability of a Protection Web Center to accept incoming sessions. SPC 2.x makes Data Feed and Workflow requests to Symantec Endpoint Protection Manager over this port. By default it monitors TCP port 8444.

TCP Port: Reporting

This component monitor tests the ability of a HTTPS reporting console to accept incoming sessions. By default it monitors TCP port 8445.

Warning and Error Events: Symantec Network Protection

This monitor returns warning and error events for Symantec Network Protection source name in application log file.

Configuring Windows Remote Management (WinRM)

If not already done so, install PowerShell 2.0 and WinRM on the SAM and target servers. Powershell 2.0 can be found here: http://support.microsoft.com/kb/968930.
On the APM server, open a command prompt as an Administrator. To do this, perform the following step:

Go to the Start menu and right-click the cmd.exe and then select Run as Administrator.

Enter the following in the command prompt:
winrm quickconfig
winrm set winrm/config/client @{TrustedHosts="*"}
4. On the target server, open a command prompt as an Administrator and enter the following:
winrm quickconfig
winrm set winrm/config/client @{TrustedHosts="IP_ADDRESS"}

where IP address is the IP address of your SAM server.

Copyright 2014. Portions of this template is based on the following:
http://www.symantec.com/business/support/index?page=content&id=TECH163787
http://www.symantec.com/business/support/index?page=content&id=TECH186925
http://www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO75109

Last updated: 9/29/2014