Enabling Apache server debugging for the Endpoint Protection Manager

book

Article ID: 177702

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection Manager (SEPM) Apache server does not generate verbose error and access logging by default. 
 
Use these steps to enable detailed debug logging for the SEPM Apache server. This is useful with troubleshooting Apache errors or crashes, or for tracing client-server communications issues.

Environment

SEP (Symantec Endpoint Protection) 12.x and 14.x

Resolution

The SEPM Apache server can host 3 different Web sites: a client-server communications Web site on port 8014, an SSL reporting Web site on port 8445 and an SSL client-server communications Web site on port 443. By default, the Apache server only logs high severity error events from the client-server communications Web site and does not log any access events. Error and access logging for the SSL reporting and SSL client-server communications Web sites are disabled by default. The following steps will enable verbose error logging and access logging for each of the SEPM Apache Web sites.

Note: The SSL client-server Web site is disabled by default.

Enabling debugging for the client-server communications Web site

  1. Open Notepad as administrator by right-clicking on it and clicking Run as administratorNote: If you do not run as administrator or move the file to another location, you will get an error when trying to save the file.
  2. Open the file X:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf\httpd.conf (where X is the volume where the SEPM is installed).
  3. Change the line LogLevel warn to LogLevel debug.
  4. Remove the "#" character from the beginning of the line #CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 100M" combined
  5. Save the changes to httpd.conf.
  6. Restart the Symantec Endpoint Protection Webserver service.
  7. Locate access-<Time Zone>.log and error-<Time Zone>.log in the X:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\logs folder.

Enabling debugging for the SEPM Reporting Web site

  1. Open Notepad as administrator by right-clicking on it and clicking Run as administrator. Note: If you do not run as administrator or move the file to another location, you will get an error when trying to save the file.
  2. Open the file X:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf\ssl\ssl.conf (where X is the volume where the SEPM is installed).
  3. Change the line #ErrorLog "|| bin/rotatelogs.exe logs/ssl_error-%Z.log 100M" to ErrorLog "|| bin/rotatelogs.exe logs/sslReporting_error-%Z.log 100M".
  4. Change the line #CustomLog "|| bin/rotatelogs.exe logs/ssl_access-%Z.log 100M" ssl_common to CustomLog "|| bin/rotatelogs.exe logs/sslReporting_access-%Z.log 100M" ssl_common.
  5. Save the changes to ssl.conf.
  6. Restart the Symantec Endpoint Protection Webserver service.
  7. Locate sslReporting_error<Time Zone>.log and sslReporting_access<Time Zone>.log in the X:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\logs\ssl folder.

Enabling debugging for the SSL client-server communications Web site

Note: You do not need to enable this logging unless you previously enabled SSL client-server communications.

  1. Open Notepad as administrator by right-clicking on it and clicking Run as administrator. Note: If you do not run as administrator or move the file to another location, you will get an error when trying to save the file.
  2. Open the file X:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf\sslForClients.conf (where X is the volume where the SEPM is installed).
  3. Change the line #ErrorLog "|| bin/rotatelogs.exe logs/ssl_error-%Z.log 100M" to ErrorLog "|| bin/rotatelogs.exe logs/sslForClients_error-%Z.log 100M".
  4. Change the line #CustomLog "|| bin/rotatelogs.exe logs/ssl_access-%Z.log 100M" ssl_common to CustomLog "|| bin/rotatelogs.exe logs/sslForClients_access-%Z.log 100M" ssl_common.
  5. Save the changes to sslForClients.conf.
  6. Restart the Symantec Endpoint Protection Webserver service.
  7. Locate sslForClients_error<Time Zone>.log and sslForClients_access<Time Zone>.log in the X:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\logs\ssl folder.