You request to know how to collect CSAPI logging for the Symantec Protection Engine (SPE).

Note: CSAPI logging is intended for debugging the SPE, therefore it should be enabled only at the request of a Broadcom Support Engineer.

CSAPI Debug Settings

Below is an explanation of each of the CSAPI Debug settings as well as if the setting is required and the default value.

Enabling CSAPI debug logging

SPE 9.x and newer:

As of SPE 9.x CSAPI logging can be enabled without the need to restart the SPE service.

1. Create a file named logging.conf
2. Add the required parameters, as well as any options parameters desired, to this file using the following format:

   [csapi-log-config]
   CSAPI_DEBUG_LOG_ENABLE=<true/false>
   CSAPI_DEBUG_LOG=<log file name>
   CSAPI_DEBUG_LEVEL=<log level between 0-5>
   CSAPI_DEBUG_FILE_SIZE_LIMIT=<file size limit>
   CSAPI_DEBUG_MAX_LOG_FILES=<max log files>

3. Copy the logging.conf file to the SPE installation folder (i.e. /opt/SYMCScan/bin)
4. SPE will look for the logging.conf file every 30 seconds and once found will validate, enable debug logging, and delete the file.  If there are any issues with validating the setting, or if there is an error loading/reading the file, then SPE will log an error.
5. Verify that the CSAPI logs are being created

SPE 8.2.2 and older:

1. Stop the SPE service.
   /etc/init.d/symcscan stop
    
2. Take a backup of the current symcscan.sh script.
   cd /opt/SYMCScan/bin
cp -p symcscan.sh symcscan.sh.bak
    
3. To enable CSAPI debug logging, insert lines similar to the following right after the comment in symcscan.sh:
   

   CSAPI_DEBUG_LOG=<log file name>
   CSAPI_DEBUG_LEVEL=<log level between 0-5>
   CSAPI_DEBUG_FILE_SIZE_LIMIT=<file size limit>
   CSAPI_DEBUG_MAX_LOG_FILES=<max log files>
   export CSAPI_DEBUG_LOG
   export CSAPI_DEBUG_LEVEL
   export CSAPI_DEBUG_FILE_SIZE_LIMIT
   export CSAPI_DEBUG_MAX_LOG_FILES

4. Restart the SPE service.  (Note: Each restart the SPE service will cause an additional 1 + CSAPI_DEBUG_MAX_LOG_FILES files to be created)
    /etc/init.d/symcscan start
    
5. Verify CSAPI logs are being created.

Disabling CSAPI debug logging 

SPE 9.x and newer:

There are two ways to disable CSAPI debug logging in SPE 9.x and newer which are listed below:

1. Restart the SPE service:
   /etc/init.d/symcscan stop
2. If restarting the SPE service is not possible then:
   1. Create a file named logging.conf
   2. Add the following parameters to the logging.conf file:

      [csapi-log-config]
      CSAPI_DEBUG_LOG_ENABLE=false
      CSAPI_DEBUG_LOG=/var/log/csapi.log
      CSAPI_DEBUG_LEVEL=0

   3. Copy the logging.conf file to the SPE installation folder (i.e. /opt/SYMCScan/bin)
   4. Wait 30 - 60 seconds then verify that no new entries are being written to the CSAPI logs

SPE 8.2.2 and older:

1. Stop the SPE Service
    /etc/init.d/symcscan stop
    
2. Comment out the lines inserted in steps 3 and 4/5 from "Enabling CSAPI debug logging" > "SPE 8.2.2 and lower" above or replace with the original scripts.
3. Restart symcscan
    /etc/init.d/symcscan start

Wrong platform?

For collecting SPE VERBOSE logs, CSAPI debug logs, and Stargate VERBOSE logs on Windows, see:

https://knowledge.broadcom.com/external/article/211023