Collect full Support Logs using SymDiag Tool and Enforce

This article shows how to collect full logs using the SymDiag tool and how to collect Agent logs from the Enforce Console.

Symantec Diagnostic (SymDiag) is a utility designed for troubleshooting and identifying common issues that customers encounter.

A. Collect Logs Using SymDiag Tool

B. Collect Agent Logs from Enforce

C. Collect General Enforce and Detection Server Logs

=====================================================================

A. Collect Logs Using SymDiag Tool

Appliance/Linux Customers

1. For Appliance customers, make sure your Enforce and/or Detection server is on IDACT 3.0-11 or newer.

2. Download and start the SymDiag (symdiag.run) tool (https://knowledge.broadcom.com/external/article?legacyId=tech170752) on the system from which logs are needed. Place the file in the /tmp directory.

wget -P /tmp/ https://repo.insightdlp.com/Vul/symdiag.run

chmod 700 /tmp/symdiag.run

3. Run the tool

cd /tmp

sudo ./symdiag.run

4. Collect/offload the symdiag output file.

5. Provide the symdiag log to support for further review.
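Because symdiag.run is fetched over the network into /tmp and then executed with sudo, it is worth checking the file before it runs as root. The following is an added example, not part of the original article or of SymDiag itself: a pre-flight check that refuses the file if it is a symlink, is not owned by the current user, is writable by group or other, or does not match a SHA-256 digest obtained out of band. The function name and EXPECTED_SHA256 are assumptions; the article does not publish a digest, so the value shown is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check before running a downloaded collector as root.
# preflight_check and EXPECTED_SHA256 are hypothetical names, not part of SymDiag.
# Uses GNU stat and sha256sum as found on Linux systems.

# preflight_check FILE EXPECTED_SHA256
# Returns 0 only if FILE passes every check; prints the reason otherwise.
preflight_check() {
    local file=$1 expected=$2 owner mode actual

    # Reject symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refuse: $file is not a regular file" >&2; return 1
    fi

    # The file must belong to the invoking user.
    owner=$(stat -c '%u' "$file")
    if [ "$owner" != "$(id -u)" ]; then
        echo "refuse: $file is owned by uid $owner" >&2; return 1
    fi

    # No write bits for group or other (a mode such as 777 fails here).
    mode=$(stat -c '%a' "$file")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "refuse: mode $mode is group/world-writable" >&2; return 1
    fi

    # Compare the content against the digest supplied out of band.
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "refuse: SHA-256 mismatch ($actual)" >&2; return 1
    fi
    return 0
}

# Usage on the appliance (placeholder digest, replace with the real one):
#   EXPECTED_SHA256='<digest supplied by vendor or support>'
#   preflight_check /tmp/symdiag.run "$EXPECTED_SHA256" && sudo /tmp/symdiag.run
```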

Windows Customers

1. Download and start the SymDiag tool (https://knowledge.broadcom.com/external/article?legacyId=tech170752) on the system from which logs are needed.

2. When you launch SymDiag, it first verifies the version status with Symantec. If there is a newer version of SymDiag available, SymDiag updates itself automatically. Click "I accept the EULA" to continue.

3. On the Home screen, click "Collect data for support", and in the dialog that opens, select the product(s) for which you need to collect the data. Then click Next.

4. Unless directed otherwise by the Technical Support Engineer for your case, select "All Data", then click Next.

5. When SymDiag completes the scan collection, the “Save the report file” screen appears. Fill in the customer information, then do the following:

  • To save a local copy of the report to your desktop, click Save.

6. Screenshot of the "Report" Page

 =========================================================================

 

B. Collect Agent Logs from Enforce

Before collecting log files, set logging to the FINEST level, then duplicate the issue, and then collect the logs.

To set log levels to FINEST:

1. Browse to the Agent Overview: System > Agents > Overview.

Click the number under the green checkbox to view the OK clients.

2. Check the checkbox next to the agent whose logging level you want to increase.

3. Click the Troubleshooting dropdown and select "Set Log Level".

4. In the Log Level drop-down, select "FINEST". Leave all agent logger components checked, then click OK.

A Task Running icon (clipboard with a play button) will appear next to the agent. If the agent does not communicate with the server within the configured timeout window, the task will time out and the logging level will not be increased. If that happens, check the client communication.

When the task is done, the agent entry should show that the log levels were changed.

Steps to Collect Agent logs from Enforce

Gathering the Endpoint Agent logs directly from the Enforce UI is a two-step process in which an Endpoint Agent task is sent from the Enforce Server to the Endpoint Agent. Once the task is complete, the logs can be gathered from the Endpoint Server.

Step 1: Instruct Agent to upload files to Endpoint Server

1. Go to System > Agent Overview and select the affected agent.

2. After selecting the affected agent, open the drop-down menu and select "Pull Logs".

3. Select Agent logs, then click OK.

A task running icon (clipboard with play button) should now appear next to the agent. Once the log files have been collected from the agent, this icon should disappear. Wait for the task running icon to disappear before moving to Step 2.

Step 2: Collect logs from Endpoint Server

Once the task has been sent to the Endpoint Agent, use the following steps to gather the Endpoint Agent logs from the Endpoint Servers.

  1. Go to System > Server > Logs
  2. Select the drop down and choose the Endpoint Server
  3. Select the Agent logs dialog box and Enforce logs (if needed)
  4. Select the Collect Logs button

An "in Progress" and "waiting to receive files from x servers" message should appear below the check boxes.

Once the log files are available, a link will appear to download a .zip that contains the logs.

Send both the SymDiag Tool .sdbz file and the Endpoint Agent .zip file logs to INSIGHT Support.

 =========================================================================

 

C. Collect General Enforce and Detection Server Logs

Step 1: Collect logs

  1. Go to System > Server > Logs
     ** Set "Diagnostic Logging Setting" accordingly, if needed
  2. Select the drop down and choose the Detection Server (if applicable)
  3. Select "Date Range" = Last 24 hours.
  4. Select "Operational Logs" and "Debug and Trace logs"
  5. Select the Collect Logs button

An "in Progress" and "waiting to receive files from x servers" message should appear below the check boxes.

  6. Once the log files are available, a link will appear to download a .zip that contains the logs.
  7. Send the .zip file logs to INSIGHT Support
