RSA Admin

Field delimiters in Symantecavmsg.xml

October 17, 2008

For those of you who have installed last month's device update AND you run Symantec Antivirus (not referring to SEP), I'm curious to know if anyone has noticed any problems with the way the file parses the Symantec AV events? Specifically Message IDs "Virus:02", most all "Virus Found" messages, and several others. I've observed that the XML accounts for two periods as field delimiters in most all cases ".." however my log data payload from a vanilla non-modified SAV server contains four "...." in almost all cases.


I have a case open with support, but just curious if anyone else has experienced any problems.


Anyone interested in taking a quick peek in Event Viewer at your SAV 10.1 logs and telling me if you get two or four for your field delimiters?