
How to enable and collect verbose logs on a CCS 12.5.x agent in the CCS Console


Article ID: 163986


Products

Control Compliance Suite Windows, Control Compliance Suite, Control Compliance Suite Unix, Control Compliance Suite Standards Server

Issue/Introduction

Control Compliance Suite (CCS)

You are troubleshooting problems on a CCS 12.5.x agent and need to increase the logging level to get more information on what is causing the issue, and then collect the verbose logs from the agent.

 

Environment

CCS 12.5.x agents  (12.0 and 12.5 agents do not have this functionality and have to use the manual steps).

 

Resolution

How to enable and collect verbose agent logs:

Using the CCS Console

  1. In the CCS console, go to Asset System -> Agents and highlight the agent on which you need to set verbose logging. Right-click and select 'Agent Settings'.
  2. In the Agent Settings window, select 'Fetch configuration parameters from agent'. This will contact the agent and show the agent's current settings.
  3. When the configuration settings appear, find 'ESM_LOG_LEVEL' and set the value to 6. (The default value is 3.)
  4. Check the 'Restart agent after setting configuration parameters' in the lower left and then click 'OK'.
  5. When prompted to save changes, click 'Yes'.
  6. Wait 3-5 minutes for the agent's services to stop and then restart.
  7. Duplicate the issue on the agent.
  8. After you have duplicated the issue, right click on the agent and select 'Get Agent Logs' (this option is greyed out if the CCS agent is not 12.5.1 or newer).
  9. When prompted to get logs from the agent, click 'Yes'.
  10. Save the .zip file somewhere you can easily find it on your computer.
  11. Attach the entire zip file to the case or send it to support for analysis.
  12. Repeat steps 1 - 5 to reset the agent log level back to 3 (default).

 

How to manually set verbose logging on a CCS agent (CCS agent version 12.5 or lower)

The first step in data collection analysis when agents are involved is to clean out the existing, old log files and then enable verbose logging on the CCS agent(s). Then reproduce the data collection attempt to capture the issue in the logs for analysis.

To enable debug logging locally on CCS Windows Agents:

  1. Stop the agent service (Control panel > Administrative tools > Services > Symantec CCS Agent)
  2. Navigate to \Program Files (x86)\Symantec\Enterprise Security Manager\ESM\system\<hostname>  folder and delete the esmagent.log file as well as the dcmodule.log file. (Note: These files will be recreated on the next job run)
  3. Now navigate to \Program Files (x86)\Symantec\Enterprise Security Manager\ESM\Config\ directory and make a backup of the agent.conf file.
  4. Edit the original agent.conf file and find the ESM_LOG_LEVEL setting and change the value to 6:
    ESM_LOG_LEVEL=6
  5. Save and exit the agent.conf file.
  6. Start the agent service (Control panel > Administrative tools > Services > Symantec CCS Agent)
  7. Reproduce the data collection issue to generate verbose logs on the agent.
  8. Gather the following files\folders:
    1. All *.log and *.err files from the \Program Files (x86)\Symantec\Enterprise Security Manager\ESM\system\<hostname>  folder.
    2. Zip up the entire folder at \Program Files (x86)\Symantec\Enterprise Security Manager\ESM\system\<hostname>\DCInfra
  9. Turn off verbose logging by repeating Steps 1-6 above and set the 'ESM_LOG_LEVEL=3' (default).
  10. Zip up all of the logs from Step 8.1 and 8.2 and attach them to the support case.

 

To enable debug logging locally on CCS UNIX\Linux Agents: 

 

   

  1. As root, from the /esm directory run the following command to stop the agent's daemon:
    ./esmrc stop    (example on Red Hat: # /esm/esmrc stop)
  2. Change directory to /esm/config
  3. Back up the file called agent.conf (e.g. cp agent.conf agent.conf.bak)
  4. With a text editor like vi, edit the original agent.conf  file.
  5. Set the ESM_LOG_LEVEL value to 6 (example: ESM_LOG_LEVEL=6).  The default value is 3.
  6. Save and exit the agent.conf file.
  7. From the /esm directory, restart the agent's daemon by running the following command:
    ./esmrc start
  8. Reproduce the data collection issue to generate verbose logs on the agent.
  9. Gather any and all logs from the /esm/system/<hostname>  folder that have the extension *.log, *.bak  and *.err and zip them into one file.
  10. Repeat steps 1-7 to reset the log level back to default logging level 3.
  11. Attach the logs .zip file to the Support case.
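
The UNIX/Linux steps above as a script, added here as an example and not vendor-supplied code. It assumes agent.conf stores the setting as a single ESM_LOG_LEVEL=<n> line (as step 5 shows) and writes a .tar.gz instead of a .zip; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes agent.conf holds one
# ESM_LOG_LEVEL=<n> line, as shown in step 5 above.
ESM_HOME="${ESM_HOME:-/esm}"   # install directory used in the article

# Print the ESM_LOG_LEVEL value currently set in an agent.conf file.
get_log_level() {
    sed -n 's/^[[:space:]]*ESM_LOG_LEVEL[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Back up agent.conf (first change only, so the reset to 3 does not
# overwrite the original backup), then rewrite the ESM_LOG_LEVEL line.
set_log_level() {
    conf=$1; level=$2
    case $level in ''|*[!0-9]*) echo "level must be numeric" >&2; return 2 ;; esac
    grep -q '^[[:space:]]*ESM_LOG_LEVEL[[:space:]]*=' "$conf" || {
        echo "ESM_LOG_LEVEL not found in $conf" >&2; return 1; }
    [ -f "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1
    sed "s/^[[:space:]]*ESM_LOG_LEVEL[[:space:]]*=.*/ESM_LOG_LEVEL=$level/" \
        "$conf" > "$conf.tmp" || return 1
    # cat into the original keeps its owner and permissions
    cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp" || return 1
    [ "$(get_log_level "$conf")" = "$level" ]
}

# Steps 1-7 (and step 10 with level 3): stop, edit, start. Run as root.
apply_log_level() {
    "$ESM_HOME/esmrc" stop || return 1
    rc=0
    set_log_level "$ESM_HOME/config/agent.conf" "$1" || rc=$?
    "$ESM_HOME/esmrc" start || return 1
    return $rc
}

# Step 9: archive *.log, *.bak and *.err from system/<hostname>.
# $1 = log directory, $2 = absolute path of the .tar.gz to create.
collect_logs() (
    dir=$1; out=$2
    cd "$dir" || exit 1
    set --
    for f in *.log *.bak *.err; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || { echo "no log files in $dir" >&2; exit 1; }
    tar -czf "$out" "$@"
)
```

After sourcing the file as root, `apply_log_level 6` enables verbose logging and `apply_log_level 3` restores the default once the logs have been collected.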
