Learn how to use advanced options in SymDiag to collect debug logging data from a Symantec Endpoint Protection (SEP) or Symantec Endpoint Protection Cloud (SEPC) clients.
This document describes the Symantec Diagnostic (SymDiag) tool’s advanced debug logging settings for Symantec Endpoint Protection. These steps help ensure sufficient, timely, and accurate logs are collected.
Allow sufficient time to generate log data after reproducing the issue.
Capturing good data the first time will reduce the need to go back for more. If an issue is easily reproduced, it may not take long to generate logs. An intermittent problem may take more time. For best results and fastest case resolution, make a list of the steps taken to reproduce the issue. These can be added under “Issue” on the customer information page of SymDiag.
Note: See Collect debug logging data for support cases with SymDiag to learn how to run SymDiag in debug logging mode where these options are presented.
The Advanced Debug logging dialog displays the current Debug Log settings as configured in the registry. Please remember that for SEP CLOUD the advanced options will not be available as a button, however, you can reproduce the issue and the necessary logs will be generated normally, not being necessary to make any changes.
The advanced options are:
To reach the advanced settings, check “Endpoint Protection Client” in the Debug Logging section and then click “Advanced...”.
Vpdebug logging, SMC debug logging, and Sylink debug logging are configured in this window. The settings shown here are the default settings. These will be chosen if you check "Endpoint Protection Client" and "Next" without using the 'Advanced...' button.
For WPP debug logging, there are two choices, “WPP” and “WPP reboot”.
Currently, no configuration settings are available for this feature. Maximum file size is set to 50MB. Once a log reaches this size, however, a new log is created. This allows for longer issue reproduction times. The current setting for logging level is 4.
Note: If SymDiag is run with the command-line -sepwpp, the original method for WPP Reboot is avaliable. The current default method (see above) has significantly improved the depth of WPP logging data collected, so this older, no-longer-default method should only be used in special circumstances. General settings are Max duration, MaxFileSizeMB, MaxFiles. Duration is the length of time (in milliseconds) that WPP logging will be done. MaxFileSize is the maximum size (in MB) of the log file. MaxFiles is the number of old log files to keep before starting a new log. Only change these settings on the advice of a support engineer.
For SEPC and SEP SBE, additional information can be found within the article "Collect Windows Preprocessor logs for Endpoint Protection Cloud and Endpoint Protection Small Business Edition"