ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Command-line configuration of debug logging in SymDiag for Endpoint Protection


Article ID: 172068


Updated On:


Endpoint Protection Symantec Products


Configure the Symantec Diagnostic Tool (SymDiag) to gather debug log information from Symantec Endpoint Protection (SEP) client from the command-line so that debug logging can occur without the user's awareness or interruption of their activity. Use the SymDiag Advanced Debug Options UI to configure potentially complex settings. Set a timer for how long debug logging will take place and also stop the timer early in order to commence data collection.


  • SEP 12.x
  • SEP 14.x
  • Microsoft Windows


It is possible to configure SymDiag (v2.1.244 or later) to perform complex debug logging actions at the command-line (silently) by using the ability to save a debug logging configuration to an xml file and placing that file in the same directory as SymDiag. Then launching SymDiag from the command-line will cause SymDiag to digest that configuration file and configure the Symantec Endpoint Protection (SEP) client for debug logging for a specified period of time. After (or before) the time has elapsed debug logging can be disabled and data collection completed.

Additionally, as these files are not system-specific, support agents can create these configuration files for their customers in by doing so help to ensure that the data needed will be collected by SymDiag.

Use of this feature requires performing the following tasks:

  1. Creating the debug logging configuration file in the SymDiag UI
  2. Determine the method for issue reproduction
  3. Launch SymDiag from the command-line
  4. Retrieve the data

Creating the debug logging configuration file in the SymDiag UI

To create the debug logging configuration file that will be used for running SymDiag on the command-line use the SymDiag UI to configure and save the configuration.

  1. Start SymDiag.
  2. Choose 'Collect Data for Support' on the Home page.
  3. Select Endpoint Protection Client in the Select Products page.
  4. Check the box 'Endpoint Protection Client' in the Debug Logging section of the Select Data Type page.
  5. Click the 'Advanced...' button.
  6. In the Advanced debug logging settings dialog configure debug logging (see Advanced debug logging options in SymDiag for Endpoint Protection clients for more information).
  7. Click the 'Save Debug Configuration' button to save a configuration file to a location of your choice.
  8. A dialog appears indicating the successful save and the name and path of the file.

Determine the method for issue reproduction

Debug logging with SymDiag is best performed once the method for determining how to capture the issue has been chosen. Generally there are two methods:

  • Run debug logging until the issue has been determined to have been reproduced.
  • Run debug logging for a period of time during which the issue is likely to have been reproduced.

Verifying or even manually causing the issue is the ideal but in other cases it is necessary to let debug logging run for a period of time and have support review the data later in order to determine if the issue of interest has been captured.

Launch SymDiag from the command-line

  • Place the configuration file in the same directory as SymDiag.
  • Execute SymDiag from the command-line using the following parameter:
    • SymDiag.exe -sepwppdebug
  • Once the issue has been reproduced, run the following command-line statement:
    • SymDiag.exe -sepwppdebugdisable
  • Alternately, to automatically cause SymDiag to disable debug logging after a specified number of minutes, run the following command-line statement:
    • SymDiag.exe -sepwppdebug ###
    • ...where ### is an integer value representing the number of minutes that debug logging is to take place.
  • Running the command SymDiag.exe -sepwppdebugdisable will also cause the timed session of SymDiag to stop immediately and proceed to data collection.

Retrieve the data

Once SymDiag completes data collection the data will be saved in a file with the extension of .sdbz on the system. To direct this file to a specific location see Command-line parameters for SymDiag for a list of command-line parameters. Alternately run SymDiag.exe -h to see a help dialog.