Logging on the Endpoint can be turned on for specific modules using the Vontu_sqlite3 utility.
For Versions 11.6 and above, see Endpoint Agent Logging Levels (version 11.6 and later): http://www.symantec.com/docs/TECH218776
Turning on Endpoint debugging requires editing the cg.ead database, as described in TECH219080.
Run the following command.
E.g. insert into configuration values('Logging','ClipboardMonitorLevel','str','FINEST');
where ClipboardMonitorLevel is name of the logger used for logging the clipboard logs.
For a list of logger names for various modules refer to Various Modules and their Logger names section. FINEST is the maximum level at which logs should be written to the file.
Restart the agent using "sc stop edpa" from the command prompt. Watchdog will restart the agent.
Component | Logger Name | Comments |
---|---|---|
Clipboard | ClipboardMonitorLevel | Get logs of clipboard monitoring from the application which is being hooked. |
PrintMonitorLevel | Get logs of print monitoring from the application which is being hooked. | |
Internet Explorer (IE) | IEMonitorLevel | Get logs for IE monitoring module. |
Firefox (FF) | FirefoxExtensionLevel | Get logs for firefox extension. |
Outlook | OutlookAddinLevel | Get logs for Outlook plug-in. |
Lotus Notes | LotusNotesExtensionLevel | Get logs for Lotus Notes plug-in. |
Application Connector | ApplicationConnectorLevel | The agent counter part for all the modules which are outside the Agent, e.g. Clipboard, Print, IE etc. except CUI.) |
Hook Manager | HookManagerLevel | Get logs for code injection. |
Plug-in Manager | InstallerLevel | Get logs for MSI install failure errors. |
FileSystem Connector | FileSystemMessageListenerLevel | Get logs for filesystem monitoring module. |
Message Logger | MessageLoggerLevel | Get logs for the message flow. Illuminates the progress of detection on agent events. Raise this to FINER in order to view the progress of eDAR incidents. |
Network connector, Application connector & Plug-in Manager | PerformanceLevel | Logs the size of the various cache used in the endpoint agent code, during the shutdown call. |
Active Directory Resolution | UserGroupResolverLevel | Turns on logging of AD group resolution. |