Endpoint Agent Logging Levels (version 11.6 and later)

book

Article ID: 159459

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Discover Data Loss Prevention Endpoint Discover

Issue/Introduction

 

Symantec provides loggers which can log information about Data Loss Prevention components and services for Endpoint Discover and Endpoint Prevent. Symantec Technical Support can use the logs to troubleshoot or improve performance for a Symantec Data Loss Prevention Endpoint installation.

 

 

Resolution

The amount of data that is captured by the loggers can be configured by assigning a log level to each logger through the Enforce Server administration console. For information on configuring the Endpoint Agent log levels, see "Setting the log levels for an Endpoint Agent" in the Symantec Data Loss Prevention Administration Guide.

The following table lists the available Endpoint loggers with the types of issues that the loggers can be used to troubleshoot.  

Endpoint logger component Troubleshooting scenario
ApplicationSettingsHandler
ConfigurationManager
ConfigurationSettingSetHelper
EndpointLocationHandler
FileFiltersHandler
NetworkPreFilterHandler
WebEncodingsHandler

These loggers are used to troubleshoot issues with interpreting the marshallable and persisting configuration data into the database.

aplginst
ffxexplginst
Installer
ltnexplginst
otlkplginst
These loggers are used to troubleshoot issues with installing plug-ins.
AgentServices
ApplicationInformation
CredentialManager
EnvironmentStringResolver
FileUtilityService
FilterConfig
IPCLogManagerHelper
License
RemovableDeviceManager
SystemEventLogger
ThreadPoolAndTimer
UserGroupResolver
WebEncoding
These loggers are used to troubleshoot issues with the core services on the endpoint computer.
IncidentEvictor
IncidentHandler
IncidentHandlerConfiguration
IncidentStoreConnector
SecurityContext
SendIncidentsTask
SendTwoTierResultTask
TwoTierEvictor
TwoTierStoreConnector
These loggers are used to troubleshoot issues related to persisiting or sending of incidents.
Address
AddressChangeMonitor
AddressChangeMonitorTask
AESSecurityContext
AggregatorCommunicator
AggregatorCommunicator::EnforceStructuredDataBridgeToRemotable
AggregatorCommunicator::FileRequestToRemotable
AggregatorCommunicatorMessageListener
AggregatorOutputStream
AggregratorCommunicator::BridgeMessageEnvelopeRemoteToMessage
BackoffStrategy
BandwidthMonitor
ConnectWaitOperation
Dataflow
dataflow::BufferReceiver
dataflow::Configurator
dataflow::MarshallableReceiver
dataflow::Messenger
dataflow::ReceiverTypeDispatcher
dataflow::Remotable
dataflow::SimpleReceiverObserver
dataflow::StructuredPublicationReceiver
dataflow::StructuredPushReceiver
dataflow::StructuredTypeRegistrar
DisconnectedTask
LocationSubsystem
MessengerTask
OperationManager
PushOperationTask
ReadOperation
RedundancySubsystem
RemotableDeliveryReport
RemotableSender
ReverseDNSLookupTask
Transport
TransportConfig
TransportFactory
TransportOperation
TransportStructures
WriteOperation 
These loggers are used to troubleshoot issues related to communication between the Endpoint Server and the endpoint computer. 
AFACDetectionRequest
ApplicationChecklist
DetectionRequestAddTask
DirectoryWatcher
DirectoryWatcher::WatcherThread
FileRecoveryPurgeManager
FileSystemConnector
FileSystemDetectionRequest
FileSystemDriverCommunicationPort
FileSystemMessageListener
LegacyDriverCommunicationPort
LegacyFilterConnector
These loggers are used to troubleshoot issues related to sharing and access violations with the FileSystem and File Path Resolution (FPR) services.
AIMMonitor
ClipboardMonitor
FirefoxExtension
HookManager
IEMonitor
LotusNotesExtension
OutlookAddin
PrintMonitor 
These loggers are used to troubleshoot issues related to hooks and plug-ins. 
ComponentManager
LicenseManager
UnexpectedErrorHandler 
These loggers are used to troubleshoot issues related to the core services of Symantec Data Loss Prevention.
DetectionResponseCache
DetectionScheduler
SchedulerTimeout
SystemResourceManager
These loggers are used to troubleshoot issues with content that is not scanned by the detection service.
ApplicationConnector This logger is used to troubleshoot issues related to hooks and plug-ins.
FileOperationDetectionRequest This logger is used to troubleshoot issues related to detection.
CacheStatistics This logger is used to troubleshoot issues related to memory capacity.
AGENTMGMT
AGENTMGMT:AgentTask
AGENTMGMT:ManagementTask
AgentmgmtCommunicator
This logger is used to troubleshoot issues related to managing DLP Agents.
EDarDetectionRequest This logger is used to troubleshoot issues related to Endpoint Discover scans.
RTAMConnector
RTAMMessageListener
These loggers are used to troubleshoot issues with the Endpoint core services.
CommandRuntime
FlexResponseHost
FlexResponsePluginProxy
IncidentPostProcessor
PluginProxy
QuarantineManager
These loggers are used to troubleshoot issues related to the execution of Endpoint response rules.
Service  This logger is used to troubleshoot issues with DLP Agent services and communication. 
CUI
UIProxy
These loggers are used to troubleshoot issues with the DLP Agent user interface.
NetworkCacheStats
NetworkConnector
These loggers are used to troubleshoot issues with IM, HTTP, and the Endpoint core-network framework.
AgentDetection This logger is used to troubleshoot issues with DLP Agent detection.
CrashDumpController
MessageLogger 
These loggers are used to troubleshoot issues with the Endpoint core services. 
Chunker
CompiledConditionStore
ComponentFileDescriptor
ContentExtraction
CSettingUpdater
CustomScriptDIValidator
DataIdentifier
DataIdentifierManagement
DataIdentifierMatcher
DetectionChain
DetectionConfiguration
DetectionPerformance
DetectionRequestFactory
DetectionResultSender
DetectionStubChain
DetectionTaskExecutor
DirectoryGroups
DIValidators
EngineFactory
ExecutionStore
Executor
FatalErrorSender
GroupBasedPolicies
IncidentBuilder
KvContainerFile
KvDocumentTypeDetector
KvSessionInitializer
KvTextExtractor
MachineLearning
MessageStore
MessageStoreFolder
MLDProfileManager
OriginalMessageFactory
PatternFsm
PolicyObserver
PolicyStoreConnector
PolicyUpdateNotifier
ProtocolRecipientMatcher
RulesResultsCache
TempFile
UnicodeNormalizer
UserGroupExtractor
Utf8ToUCSConverter 
These loggers are used to troubleshoot issues related to the detection of file content.