Endpoint Protection Manager not writing to syslog dump files, such as agt_system.

Article ID: 175330

Products

Endpoint Protection

Issue/Introduction

When sending logs from a Symantec Endpoint Protection Manager (SEPM) to an external logging solution, logs for most events are properly written to the Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\dump folder, but one or more log files are either not created or not updated. This usually affects the agt_system log file.

No error messages are displayed.
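
Because the failure is silent, it shows up only as a dump file that is missing or has stopped being updated. The following PowerShell check is an added example, not a Broadcom tool: it flags files in the dump folder that lag behind the newest file there. The default install location, the 24-hour threshold, and the function and parameter names are assumptions.

```powershell
# Added example, not Broadcom tooling. Flags SEPM dump files that are missing
# or stale relative to the most recently written file in the dump folder.
param(
    # Folder from the article; assumes the default Program Files (x86) location.
    [string]$DumpPath = (Join-Path ${env:ProgramFiles(x86)} 'Symantec\Symantec Endpoint Protection Manager\data\dump'),
    # Base names expected to exist. Only agt_system is named in the article;
    # add the other log types enabled for external logging at your site.
    [string[]]$Expected = @('agt_system'),
    # Assumed threshold: allowed lag behind the newest dump file, in hours.
    [int]$MaxLagHours = 24
)

function Get-StaleDumpFile {
    param([string]$Path, [string[]]$Expected, [int]$MaxLagHours)

    $files = @(Get-ChildItem -LiteralPath $Path -File -ErrorAction Stop)
    if ($files.Count -eq 0) { throw "No dump files found in $Path" }

    # Compare against the newest file rather than the clock, so that a SEPM
    # with external logging fully idle does not flag every file.
    $newest = ($files | Sort-Object LastWriteTime -Descending |
               Select-Object -First 1).LastWriteTime

    foreach ($f in $files) {
        $lag = $newest - $f.LastWriteTime
        if ($lag.TotalHours -gt $MaxLagHours) {
            [pscustomobject]@{
                Name = $f.Name; Status = 'Stale'
                LastWrite = $f.LastWriteTime
                LagHours = [math]::Round($lag.TotalHours, 1)
            }
        }
    }

    # The "not created" case: an expected log type with no file at all.
    foreach ($base in $Expected) {
        if (-not ($files | Where-Object { $_.BaseName -eq $base })) {
            [pscustomobject]@{ Name = $base; Status = 'Missing'; LastWrite = $null; LagHours = $null }
        }
    }
}

$findings = @(Get-StaleDumpFile -Path $DumpPath -Expected $Expected -MaxLagHours $MaxLagHours)
$findings | Format-Table -AutoSize
# A non-zero exit code lets a scheduled task or monitoring agent raise an alert.
if ($findings.Count -gt 0) { exit 1 }
```

A log type that legitimately produces few events can also appear stale, so tune the threshold per file before alerting on the result.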

Environment

Symantec Endpoint Protection 14.x

Cause

When the SEPM writes data to the syslog text files, it compares the USN of the data on the SEPM with the USN recorded for the given LogType (for example, "LT_AGT_SYSTEM_LOG") in the SemSiteState table. The USN value in the SemSiteState table can occasionally be incremented far beyond the USN range of the actual data entries on the SEPM. When that happens, no data is written to the syslog dump files for that log type.

Resolution

Please contact Broadcom Support for a tool (FixExternalLoggingUSN) to correct USN values in SemSiteState.