Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide




The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 6.5

Legal Notice

Copyright 2010 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ("Third Party Programs"). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com

Printed in the United States of America.

Contents

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide
  About the Symantec Mail Security for Microsoft Exchange Management Pack
  Importing the management pack
  About the Symantec Mail Security for Microsoft Exchange rules
    About Licensing rules
    About LiveUpdate rules
    About Outbreak rules
    About Performance rules
    About Rapid Release rules
    About Service rules
  Viewing the Symantec Mail Security for Microsoft Exchange group
  Disabling default rules
  Viewing Symantec Mail Security for Microsoft Exchange events and performance data

About the Symantec Mail Security for Microsoft Exchange Management Pack

If you use Microsoft Exchange Server 2007/Server 2010, the Symantec Mail Security for Microsoft Exchange Management Pack lets you integrate Symantec Mail Security for Microsoft Exchange events with Microsoft Operations Manager 2005 (MOM).

If you use Microsoft Exchange Server 2003, the Symantec Mail Security for Microsoft Exchange Management Pack lets you integrate Symantec Mail Security for Microsoft Exchange events with MOM and Microsoft System Center Operations Manager 2007 (SCOM).

When you import the management pack in MOM/SCOM, it immediately begins monitoring objects based on default configurations and thresholds. These default configurations and thresholds (such as monitors, rules, and tasks) monitor specific Symantec Mail Security for Microsoft Exchange events in the Windows Event Log and the Windows Performance Monitor. When a rule is triggered, the MOM/SCOM agent collects data about the event and forwards it to MOM/SCOM. MOM/SCOM provides you with a central repository that you can use to monitor critical events that occur on your Exchange servers.

For more information about Microsoft System Center Operations Manager 2007, see the Microsoft System Center Operations Manager 2007 documentation. For more information about Microsoft Operations Manager 2005, see the Microsoft Operations Manager 2005 documentation. For more information about Symantec Mail Security for Microsoft Exchange, see the Symantec Mail Security for Microsoft Exchange Implementation Guide.

Importing the management pack

The system requirements for the computer on which you import the management pack are as follows:

- Microsoft System Center Operations Manager 2007 (32-bit platform) or Microsoft Operations Manager 2005 (32-bit platform)
- Microsoft SQL Server 2005 Enterprise Edition (32-bit platform)
  The Microsoft SQL Server and SQL Agent services must be running when you install the management pack.
- Microsoft Exchange Server 2010/2007/2003
- Windows Server 2003

The management pack is supported for Symantec Mail Security 6.5 for Microsoft Exchange events only.

The MOM/SCOM agent must be deployed to the servers on which Symantec Mail Security for Microsoft Exchange is installed. This agent collects events and performance data and forwards the information to MOM/SCOM. For information about how to deploy the agent or remove the Symantec Mail Security for Microsoft Exchange Management Pack, see the appropriate Microsoft documentation.

To import the management pack in MOM

1. Copy SMSMSE 6.5 Management Pack.akm to the following folder:
   \Program Files\Microsoft Operations Manager 2005\Management Packs
2. In the MOM 2005 Administrator Console, in the left pane, right-click Management Packs, and then click Import/Export Management Pack.
3. In the Pack Import/Export Wizard panel, click Next.
4. In the Import or Export Management Packs panel, click Import Management Packs and/or reports, and then click Next.
5. In the Select a Folder and Choose Import Type panel, click browse and select the following folder:
   \Program Files\Microsoft Operations Manager 2005\Management Packs
6. Click Import Management Packs only, and then click Next.
7. In the Select Management Packs panel, select SMSMSE 6.5 Management Pack.akm, and then click Next.
8. Click Finish.
9. In the Import Status window, click Close when the program finishes importing the management pack.

To import the management pack in SCOM

1. Copy SMSMSE_6.5_Management_Pack.xml to the following folder:
   \Program Files\System Center Management Packs
2. In the SCOM 2007 Operator Console in the left pane, right-click Management Packs, and then click Import Management Pack.
3. Browse and locate the SMSMSE_6.5_Management_Pack.xml file in the \Program Files\System Center Management Packs folder.
4. In the Import Management Packs panel, click Import.
5. In the Import Status window, click Close when the program finishes importing the management pack.

About the Symantec Mail Security for Microsoft Exchange rules

When you import the management pack, a Symantec Mail Security for Microsoft Exchange directory structure is automatically created and populated with pre-configured rules. Symantec Mail Security for Microsoft Exchange event rules are as follows:

Event rules
These are rules that collect data about specific critical events. The following event rules come under this category:

- Licensing: See About Licensing rules.
- LiveUpdate: See About LiveUpdate rules.
- Outbreak: See About Outbreak rules.
- Rapid Release: See About Rapid Release rules.
- Services: See About Service rules.

Performance rules
These are rules that measure specific performance criteria. The following event rules come under this category. See About Performance rules.

Note: Rules are not categorized for SCOM.

About Licensing rules

For information about how to modify rules or create new rules, see the appropriate Microsoft documentation.

Table 1 lists the default Licensing rules and the events that trigger the rules.

Table 1 Default Licensing rules

| Rule | Description of event trigger |
|---|---|
| Antivirus License Error | The content license expired or is not installed, or the license file is damaged. |
| Invalid License - Console LiveUpdate Failed To Update | The content license expired or is not installed, or the license file is damaged. |
| Invalid License - LiveUpdate Failed to Update | The content license expired or is not installed, or the license file is damaged. |
| Invalid License - LiveUpdate Virus Definitions Not Updated | Your content license expired or is not installed, or the license file is damaged. |
| Invalid License - Rapid Release Failed to Update | Could not find a valid content license. |
| Invalid Symantec Premium AntiSpam License | The license file is expired, invalid, or damaged. |
| Symantec Premium AntiSpam License Error | The Symantec Premium AntiSpam license expired or is not installed, or the license file is damaged. |
| Unable to Install Antivirus License | The license file is expired, invalid, or damaged. |
| Unknown Symantec Enterprise Licensing Error | The license file is expired, or the license file is damaged. |

About LiveUpdate rules

Table 2 lists the default LiveUpdate rules and the events that trigger the rules.

Table 2 Default LiveUpdate rules

Rule: Console Communication Error with LiveUpdate; LiveUpdate Critical Error; LiveUpdate Error; LiveUpdate Host Busy; LiveUpdate No Carrier; LiveUpdate Unknown Error; Missing Virus Definitions

Description of event trigger: An error occurred with LiveUpdate. The LiveUpdate server is temporarily unavailable, or the server has lost network connectivity. Check the Event Log for more information. The LiveUpdate server is temporarily unavailable, or the server has lost network connectivity. The LiveUpdate server is temporarily unavailable, or the server has lost network connectivity. Many people are attempting to access the LiveUpdate server simultaneously. The LiveUpdate server is temporarily unavailable. The LiveUpdate server is temporarily unavailable. Definition files are damaged or missing.

About Outbreak rules

Table 3 lists the default Outbreak rules and the events that trigger the rules.

Table 3 Default Outbreak rules

| Rule | Description of event trigger |
|---|---|
| Outbreak Occurrence | An outbreak threshold was reached. |
| Outbreak Reoccurrence | An outbreak is still occurring. |

About Performance rules

Table 4 lists the default Performance rules and the events that trigger the rules.

Table 4 Performance counters

| Performance counter | Description |
|---|---|
| Bytes Scanned | Number of bytes scanned. |
| Bytes Scanned/Sec | Number of bytes scanned per second. |
| Total Scans | Number of scans performed on messages and attachments. |
| Total Scans/Sec | Number of scans performed on messages and attachments per second. |
| Threats and Risks Found | Number of software threats detected. |
| Threats and Risks Found/Sec | Number of software threats detected per second. |
| Content Filtering Found | Number of content violations detected. |
| Content Filtering Found/Sec | Number of content violations detected per second. |
| Spam Violations Found | Number of spam violations detected. |
| Spam Violations Found/Sec | Number of spam violations detected per second. |

About Rapid Release rules

Table 5 lists the default Rapid Release rules and the events that trigger the rules.

Table 5 Default Rapid Release rules

| Rule | Description of event trigger |
|---|---|
| FTP Failure | An FTP failure occurred. |
| General Error During Rapid Release | Unknown. Check the Event Log for more information. |

About Service rules

Table 6 lists the default Services rules and the events that trigger the rules.

Table 6 Default Services rules

| Rule | Description of event trigger |
|---|---|
| Auto-Protect Process Failed to Start | Check the Event Log for more information. |
| Out of Memory | Computer resources are low. |
| Quarantine is Full | The Quarantine Server contains too many quarantined files. |
| Service Could Not Start | Check the Event Log for more information. |
| Service Could Not Start - Already Started | An attempt was made to start the service, but the service is already running. |
| Service Could Not Start Auto-Protect Process Not Started | The Symantec Mail Security for Microsoft Exchange service cannot start. |
| Service Could Not Start - Configuration Invalid | The program settings could not be obtained or are invalid. |
| Service Could Not Start - Cannot Logon to the Exchange Server | Unable to log on to the Exchange server. |
| Service Could Not Start - Low Memory Conditions | There is not enough memory to start the service. |
| Service Could Not Start - Not Admin Account | The NT account specified does not have administrator privileges. |
| Service Stopped | The computer was restarted or shut down. |
| Unable to Record Events | The Event Log is full. |

Viewing the Symantec Mail Security for Microsoft Exchange group

You can view the default Symantec Mail Security for Microsoft Exchange group in the MOM/SCOM console. Each rule contains a Knowledge Base that provides the following information:

- Summary: A brief description of the rule
- Cause: What event triggered the rule
- Resolution: Proposed resolutions for resolving the event issue

To view the Symantec Mail Security for Microsoft Exchange rule group in MOM

1. In the MOM 2005 Administrator Console under Management Packs, in the left pane, expand Rule Groups, expand Symantec, and then expand Symantec Mail Security for Microsoft Exchange.
2. Expand any of the following categories to view the rules that are available for that category:
   - Licensing
   - LiveUpdate
   - Outbreak
   - Performance
   - Rapid Release
   - Services

To view the Symantec Mail Security for Microsoft Exchange computer group in SCOM

1. In the SCOM 2007 Operator Console in the left pane, expand Management Pack Objects.
2. Under Management Pack Objects, select Rules.
3. In the right pane under Rules, expand Type: Symantec Mail Security for Microsoft Exchange Installation to view the rules that are available.

To view a rule's Knowledge Base in MOM

1. In the left pane, select the rule type that contains the rules for that category. For example, for the Licensing category, select Event Rules. For the Performance category, select Performance Rules.
2. In the right pane, double-click the rule.
3. In the Rule Properties dialog box, click the Knowledge Base tab.

To view a rule's Knowledge Base in SCOM

1. In the left pane, expand Management Pack Objects.
2. Under Management Pack Objects, select Rules.
3. In the right pane under Type: Symantec Mail Security for Microsoft Exchange Installation, double-click the rule for which you want to view the Knowledge Base.
4. In the Rule Properties dialog box, click the Knowledge Base tab.

Disabling default rules

All of the Symantec Mail Security for Microsoft Exchange rules are enabled by default. You can disable the rules that you do not want to apply.

To disable default rules in MOM

1. In the MOM 2005 Administrator Console under Management Packs, in the left pane, expand Rule Groups, expand Symantec, and then expand Symantec Mail Security for Microsoft Exchange.
2. Select a rule category and a rule type. For example, for the Licensing category, select Event Rules. For the Performance category, select Performance Rules.
3. In the right pane, double-click the rule that you want to disable.
4. In the Event Rule Properties dialog box, uncheck This rule is enabled.
5. Click OK.

To disable default rules in SCOM

1. In the SCOM 2007 Operator Console in the left pane, expand Management Pack Objects.
2. Under Management Pack Objects, select Rules.
3. In the right pane under Type: Symantec Mail Security for Microsoft Exchange Installation, double-click the rule that you want to disable.
4. In the Event Rule Properties dialog box, uncheck Rule is enabled.
5. Click Apply, and then click OK.

Viewing Symantec Mail Security for Microsoft Exchange events and performance data

You can view Symantec Mail Security for Microsoft Exchange events and performance data in the MOM/SCOM console. The Events view contains the following rule violations: Licensing, LiveUpdate, Outbreak, Rapid Release, and Services. The Performance view contains Performance rule data.

To view Symantec Mail Security for Microsoft Exchange events in MOM

1. In the Operator Console in the Views pane, click Events.
2. In the Event Views pane, expand All:Event Views, expand Symantec, and then expand Symantec Mail Security for Microsoft Exchange.
3. Click SMSMSE Events. The events appear in the SMSMSE Events pane.
4. Select an event to view detailed information. The details appear in the Event Details pane.

To view Symantec Mail Security for Microsoft Exchange events in SCOM

1. In the SCOM 2007 Operator Console in the left pane, click Monitoring.
2. In the Monitoring Views pane, expand Monitoring, expand Symantec, and then expand SMSMSE.
3. Click SMSMSE Events. The events appear in SMSMSE Events in the right pane.
4. Select an event to view detailed information. The details appear in the Event Details pane.

To view Symantec Mail Security for Microsoft Exchange performance data in MOM

1. In the Operator Console, in the Views pane, click Performance.
2. In the Performance Views pane, expand All:Performance Views, expand Symantec, and then expand Symantec Mail Security for Microsoft Exchange.
3. Select the Performance rule that contains the specific criteria that you want to review. The performance data appears in the SMSMSE Performance Data pane.

To view Symantec Mail Security for Microsoft Exchange performance data in SCOM

1. In the SCOM 2007 Operator Console in the left pane, click Monitoring.
2. In the Monitoring Views pane, expand Monitoring, expand Symantec, and then expand SMSMSE.
3. Select the Performance rule that contains the specific criteria that you want to review. The performance data appears in the SMSMSE Performance Data pane.