Where are the log files stored for Symantec Encryption Desktop (SED) for Linux?
Symantec Encryption Desktop uses the standard Linux system log files. Logging is not as detailed as on the Windows or Mac clients; however, the following log files are written to when events such as policy updates take place:
1. /var/log/messages
When policy updates take place, this log file gets populated with information pertaining to encryption. This log file will log details about IOCTL events and partition events.
2. /var/log/dmesg
Because SED has encrypted the drives, "pgpwde" entries will show up in this log upon encrypting the Linux client.
3. /var/log/secure
Certain events, such as adding or removing SED Whole Disk users, are logged in this file in the following way:
User Bob added WDE user Chalie to DiskGroup [uuid here]
4. When the command "pgpenroll --check-enroll" is run, which will update policy from the Symantec Encryption Management Server (SEMS), check the SEMS client logging for events to ensure the client is communicating with the server. There will be logging events such as the following when successful:
Tip: To get increased logging, try adding --verbose to the end of the pgpwde commands and more information will be displayed. This does not work for all commands.
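To audit the Whole Disk user changes that item 3 says are written to /var/log/secure, the following added example (not Symantec's code) extracts who added which WDE user to which disk group and reports additions made by accounts outside an expected list. It assumes the message text matches the sample line above; the syslog prefix, account names, UUID and allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit WDE user additions recorded in /var/log/secure.
# Assumption: the message text matches the sample on this page; the syslog
# prefix, user names and DiskGroup UUID below are constructed test data.

# Print "actor<TAB>new WDE user<TAB>disk group" for every addition in file $1.
wde_user_additions() {
  awk '
    match($0, /User [^ ]+ added WDE user [^ ]+ to DiskGroup /) {
      split(substr($0, RSTART), f, " ")
      # f[2] = account that made the change, f[6] = WDE user, f[9] = disk group
      print f[2] "\t" f[6] "\t" f[9]
    }' "$1"
}

# Print only additions made by accounts missing from the comma-separated
# allowlist in $2 (hypothetical list of administrators you expect to see).
wde_unexpected_additions() {
  wde_user_additions "$1" | awk -F '\t' -v allow="$2" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($1 in ok)'
}

# Write constructed sample lines to a temp file and print its path.
make_sample_log() {
  sample=$(mktemp)
  cat > "$sample" <<'EOF'
Jan 10 09:14:02 host1 pgpwde: User Bob added WDE user Chalie to DiskGroup 11111111-2222-3333-4444-555555555555
Jan 10 09:15:40 host1 sshd[812]: Accepted publickey for bob from 192.0.2.10 port 50514 ssh2
Jan 11 02:03:17 host1 pgpwde: User dave added WDE user tmpacct to DiskGroup 11111111-2222-3333-4444-555555555555
EOF
  printf '%s\n' "$sample"
}

log=$(make_sample_log)
echo "All WDE user additions:"
wde_user_additions "$log"
echo "Additions by accounts outside the allowlist (Bob):"
wde_unexpected_additions "$log" "Bob"
rm -f "$log"
```

On a real client, pass /var/log/secure instead of the sample file; reading it normally requires root.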