Enabling Sylink logging for the Symantec Endpoint Protection client for Linux

Article ID: 161228

Products

Endpoint Protection

Issue/Introduction

You want to know how to log client-server Sylink communications on the Symantec Endpoint Protection (SEP) client for Linux.

Resolution

Please be aware of the two path differences, noted below, depending on SEP version.

  1. Create a new text file named /etc/symantec/sep/log4j.properties
    NOTE: In SEP 12.1 this path is /etc/symantec/log4j.properties
  2. Open the file in a text editor and add the following lines:
    log4j.appender.A1=org.apache.log4j.FileAppender
    log4j.appender.A1.fileName=/var/symantec/sep/Logs/debug.log 
    # NOTE: in SEP 12.1 change path above to /var/symantec/Logs/debug.log
    log4j.appender.A1.layout=org.apache.log4j.PatternLayout
    log4j.appender.A1.layout.ConversionPattern=%d{%Y-%m-%dT%H:%M:%S.%l%Z} %t %p %c{2.EN_US} %m%n
    log4j.rootCategory=DEBUG, A1
    
  3. Restart the smc daemon: sudo service smcd restart
  4. Sylink communications data is now written to the log file path configured in log4j.properties above.
    • Once enabled, entries in the debug.log should appear with the [DEBUG] designator.

In order to disable debug logging, simply rename or delete the log4j.properties file and restart the smc daemon.
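
The steps above as a small shell helper, added here as an example and not Symantec's own tooling: it selects the SEP 12.1 or later paths, writes the same log4j.properties lines, and counts [DEBUG] entries in a log file. The function names, the optional ROOT prefix (for dry runs outside /etc) and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: helper names and the ROOT prefix are assumptions, not Symantec tooling.

# sep_paths VERSION -> "<log4j.properties path> <debug.log path>"
sep_paths() {
    case "$1" in
        12.1*) echo "/etc/symantec/log4j.properties /var/symantec/Logs/debug.log" ;;
        *)     echo "/etc/symantec/sep/log4j.properties /var/symantec/sep/Logs/debug.log" ;;
    esac
}

# write_sylink_debug_conf VERSION [ROOT]
# Writes the article's log4j.properties under ROOT and prints the file path.
# An empty ROOT targets the live system: run as root, then restart smcd (step 3).
write_sylink_debug_conf() {
    root=${2:-}
    paths=$(sep_paths "$1")
    conf=$root${paths%% *}      # first word: config file path
    log=${paths##* }            # last word: debug log path
    mkdir -p "$(dirname "$conf")" || return 1
    cat > "$conf" <<EOF
log4j.appender.A1=org.apache.log4j.FileAppender
log4j.appender.A1.fileName=$log
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%d{%Y-%m-%dT%H:%M:%S.%l%Z} %t %p %c{2.EN_US} %m%n
log4j.rootCategory=DEBUG, A1
EOF
    echo "$conf"
}

# count_debug_entries LOGFILE -> number of lines carrying the [DEBUG] designator
# (0 if the file does not exist yet, e.g. before the daemon restart).
count_debug_entries() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -cF -- '[DEBUG]' "$1" || true
}

# Dry run in a scratch directory with a constructed two-line log.
scratch=$(mktemp -d)
write_sylink_debug_conf 12.1 "$scratch"
printf '%s\n' '2024-01-01T00:00:00 main [DEBUG] constructed sample' \
              '2024-01-01T00:00:01 main [INFO] constructed sample' > "$scratch/debug.log"
count_debug_entries "$scratch/debug.log"
rm -rf "$scratch"
```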

 

See also How to collect diagnostic information for the Symantec Endpoint Protection Linux client after debug logging has run.

Attachments

log4j.properties