Instructions on turning on debug logging for Symantec Security Information Manager (SSIM) collectors

Symptoms
Events are either missing or not showing correctly in the SSIM console.

The best way to enable collector debug mode is using esdiag.

To download and use esdiag, use article: http://www.symantec.com/docs/TECH88921

To turn on debug logging for the collector without using esdiag, browse to the directory where the collector is installed on machine. 

• Windows 32bit default path is C:\Program Files\Symantec\Event Agent\collectors\<collector>
• Windows 64bit default path is C:\Program Files (x86)\Symantec\Event Agent\collectors\<collector>
• Unix the default path is /opt/Symantec/sesa/Agent/collectors/<collector>

Note: "<collector>" indicates the individual collectors in the directory. 

1. Stop the Symantec Event Agent.
2. Navigate to the directory of the collector that needs to be set to Debug logging.
3. Open the log4j.properties file using a text editor.
4. Edit the line log4j.level=INFO to log4j.level=DEBUG
5. Change the log file size line log4j.maxfilesize=100KB to log4j.maxfilesize=10000KB
6. Change the number of backups line log4j.maxbackups=5 to log4j.maxbackups=10
7. Start the Symantec Event Agent.

To turn off debug logging for the collector, change the settings in the log4.properties file back to the original settings following the same steps.