Endpoint Agent Logging Levels (up to version 11.5)

Article ID: 160383

Products

Data Loss Prevention Endpoint Prevent
Data Loss Prevention Endpoint Discover

Issue/Introduction

Logging on the Endpoint can be turned on for specific modules using the Vontu_sqlite3 utility.

 

 

For Versions 11.6 and above, see Endpoint Agent Logging Levels (version 11.6 and later): http://www.symantec.com/docs/TECH218776

Resolution

 

Turning on Endpoint debugging requires editing the cg.ead database, as described in TECH219080.

Run the following command, for example:

insert into configuration values('Logging','ClipboardMonitorLevel','str','FINEST');

where ClipboardMonitorLevel is the name of the logger used for clipboard logging.

For a list of logger names for the various modules, refer to the "Various Modules and their Logger names" section. FINEST is the maximum level at which logs should be written to the file.

Restart the agent using "sc stop edpa" from the command prompt. Watchdog will restart the agent.

Various Modules and their Logger names

| Component | Logger Name | Comments |
|---|---|---|
| Clipboard | ClipboardMonitorLevel | Get logs of clipboard monitoring from the application which is being hooked. |
| Print | PrintMonitorLevel | Get logs of print monitoring from the application which is being hooked. |
| Internet Explorer (IE) | IEMonitorLevel | Get logs for the IE monitoring module. |
| Firefox (FF) | FirefoxExtensionLevel | Get logs for the Firefox extension. |
| Outlook | OutlookAddinLevel | Get logs for the Outlook plug-in. |
| Lotus Notes | LotusNotesExtensionLevel | Get logs for the Lotus Notes plug-in. |
| Application Connector | ApplicationConnectorLevel | The agent counterpart for all the modules which are outside the Agent (e.g. Clipboard, Print, IE, etc., except CUI). |
| Hook Manager | HookManagerLevel | Get logs for code injection. |
| Plug-in Manager | InstallerLevel | Get logs for MSI install failure errors. |
| FileSystem Connector | FileSystemMessageListenerLevel | Get logs for the filesystem monitoring module. |
| Message Logger | MessageLoggerLevel | Get logs for the message flow. Illuminates the progress of detection on agent events. Raise this to FINER in order to view the progress of eDAR incidents. |
| Network connector, Application connector & Plug-in Manager | PerformanceLevel | Logs the size of the various caches used in the endpoint agent code, during the shutdown call. |
| Active Directory Resolution | UserGroupResolverLevel | Turns on logging of AD group resolution. |
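
The following Python helper is an added example, not part of the original article or of the product's tooling. It builds the insert statements for several loggers at once and rejects any logger name that is not in the table above, so a misspelled name is caught before it is inserted. The in-memory table and its column names are assumptions used only for a dry run; the generated statements are still run against cg.ead with the Vontu_sqlite3 utility.

```python
import sqlite3

# Logger names copied from the "Various Modules and their Logger names" table.
LOGGERS = {
    "ClipboardMonitorLevel", "PrintMonitorLevel", "IEMonitorLevel",
    "FirefoxExtensionLevel", "OutlookAddinLevel", "LotusNotesExtensionLevel",
    "ApplicationConnectorLevel", "HookManagerLevel", "InstallerLevel",
    "FileSystemMessageListenerLevel", "MessageLoggerLevel", "PerformanceLevel",
    "UserGroupResolverLevel",
}
# Only the two levels the article names are accepted here.
LEVELS = {"FINEST", "FINER"}


def logging_insert(logger, level="FINEST"):
    """Return the INSERT statement for one logger, rejecting unknown names."""
    if logger not in LOGGERS:
        raise ValueError(f"unknown logger name: {logger!r}")
    if level not in LEVELS:
        raise ValueError(f"unsupported level: {level!r}")
    # Both values come from fixed allowlists, so no SQL quoting is needed.
    return f"insert into configuration values('Logging','{logger}','str','{level}');"


def build_script(settings):
    """settings maps logger name -> level; returns one statement per line."""
    return "\n".join(logging_insert(n, lvl) for n, lvl in sorted(settings.items()))


def dry_run(script):
    """Run the script against a throwaway in-memory table and return its rows.

    The column names are hypothetical; the article only shows that the
    configuration table takes four values.
    """
    db = sqlite3.connect(":memory:")
    db.execute("create table configuration (section, name, type, value)")
    db.executescript(script)
    rows = db.execute("select * from configuration order by name").fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    # Constructed scenario: trace clipboard hooks and follow eDAR incident progress.
    print(build_script({"ClipboardMonitorLevel": "FINEST", "MessageLoggerLevel": "FINER"}))
```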