How to use the Symantec Endpoint Protection Manager (SEPM) Log Collecting Tool
The Symantec Endpoint Protection Manager Log Collection Tool is used to collect all or subsets of the Symantec Endpoint Protection Manager logs.
The logs are collected and compressed to a zip file called SEPM_logs.zip.
The log collection tool has only one file called collectLog.cmd. By default, it is installed in the \Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\Tools directory.
The tool can collect all or one of the following Symantec Endpoint Protection Manager logs:
How to Use
Simply running SymDiag v2.1.112 or higher will automatically run the SEPM Log Collection Tool. The tool can also be run on its own. User can use either of the following two approaches to run this tool on its own.
Please note that, as stated in the Collecting Logs document (\Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\Tools\collect_log.pdf), this tool collects only the server logs. The Symantec Endpoint Protection client logs are not collected.
In certain cases, Symantec Technical Support may request that the SEPM be configured to generate debug logs. Troubleshooting other issues require the output of a more comprehensive tool such as the Symantec Diagnostics (SymDiag) tool. Please see the Related Articles for further information.