Increasing Endpoint Agent log size and number

book

Article ID: 159675

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

When I increase logging to FINEST on the Endpoint Agent, the logs roll too quickly.  Is there a way to increase the number and size of the edpa_ext*.log files?

Resolution

 

By default, there are two edpa logs created, edpa_ext0.log and edpa_ext1.log.  This is configurable using vontu_sqlite3

vontu_sqlite3 -db=cg.ead -p=password

NOTE: All Endpoint tools are located in the installation package in the Tools directory. See TECH249541 for details.

NOTE: This tool must be executed and present in the same directory as the agent's keystore file (ks.ead). This file is normally installed in the agent installation folder, e.g. _c:\program files\manufacturer\endpoint agent. If the password is not entered at the command line, the tool will prompt you for a password.

Once debugging is turned on, you should see a sql prompt.  Type the following instructions at the prompt. At each line hit "Enter".  Modify the defaultkey to one of the following values noted:

 

To increase the number of logs to 10:

INSERT INTO configuration VALUES('Logging','MaxFiles','int','10');

To increase the maximum file size:

INSERT INTO configuration VALUES('Logging','MaxFileSizeBytes','long','10240000');