You are having trouble with the alerts created and notifications sent by SCSP - the default log level doesn't show useful information about this component of SCSP. You want to enable DEBUG logging for this feature.

 

The log level of of this (and other) functionality is determined by settings in the following file C:\Program Files\Symantec\Critical System Protection\Server\tomcat\conf\sis-server.properties

First of all - the file is set to read-only - please make a backup copy of the original file and uncheck the read-only attribute of the sis-server.properties file.

Next, find the section with the heading "sisalertmodule.enabled"

#
# sisalertmodule.enabled
#
# sisalertmodule.enabled
# This tag represents the availability of the alert module.
#
# true The alert module is enabled
# false The alert module is disabled
#
# default: true
#
#
# sisalertmodule.filepath
# This tag represents the path of the alert module's
# append-to-file functionality. All files to be appended
# must be in this directory.
#
# default: ../alerts
#
#
#sisalertmodule.enabled=true
#sisalertmodule.filepath=../alerts

The default settings are shown for sisalertmodule.enabled and sisalertmodule.filepath. Uncommenting (removing the #) and changing the value will change the defaults. Changing the defaults is not needed for generating detailed logs, please just verify that the defaults are still set.

Third, find the section with the heading "sisalertlogger.loglevel"

#
# sisalertlogger.loglevel
# sisalertlogger.logsize
# sisalertlogger.logcount
#
# These tags represent the logging settings for the system log.
#
# sisalertlogger.loglevel
# This tag is the minimum log level that will be written to
# the system log.
#
# ERROR
# WARN
# INFO
# DEBUG
# TRACE
#
# default: WARN
#
#
# sisalertlogger.logsize
# This tag is the maximum size of a single log file. The default
# value is specified in bytes. By adding 'K', the value
# becomes kilobytes. By adding 'M', the value becomes megabytes.
# And by adding 'G', the value becomes gigabytes.
#
# 10 10 bytes
# 10K 10 kilobytes
# 10M 10 megabytes
# 10G 10 gigabytes
#
# default: 10M
#
#
# sisalertlogger.logcount
# This tag is the maximum number of log file to keep.
#
# default: 10
#
#
#sisalertlogger.loglevel=WARN
#sisalertlogger.logsize=10M
#sisalertlogger.logcount=10

The default settings are shown for sisalertmodule.enabled, sisalertlogger.logsize and sisalertlogger.logcount. Uncommenting (removing the #) and changing the value will change the defaults. Changing the defaults is not needed for sisalertlogger.logsize and sisalertlogger.logcount but could be changed if many alerts and a lot of logs are generated. The sisalertlogger.loglevel value is of interest here; set the value to DEBUG, only set it to TRACE if asked by your support engineer - generally the DEBUG value is enough.

The only change needed and end result being;

#
sisalertlogger.loglevel=DEBUG
#sisalertlogger.logsize=10M
#sisalertlogger.logcount=10

Save the sis-server.properties file and restart the "Symantec Critical Protection Server" service for the changes to take effect.

Last is to monitor the logfile C:\Program Files\Symantec\Critical System Protection\Server\tomcat\logs\sis-alert.0.log - this log will now show in detail what alerts were created and possible email notifications were send and/or errors during that process.